CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-28336 – Moodle: teacher can access names of users they do not have permission to access
https://notcve.org/view.php?id=CVE-2023-28336
23 Mar 2023 — Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. • https://bugzilla.redhat.com/show_bug.cgi?id=2179426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1289 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1289
23 Mar 2023 — A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG... • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-1534 – Chrome GL_ShaderBinary Untrusted Process Exposure
https://notcve.org/view.php?id=CVE-2023-1534
21 Mar 2023 — Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromiu... • https://packetstorm.news/files/id/171961 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1533 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1533
21 Mar 2023 — Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of ... • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1532 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1532
21 Mar 2023 — Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out ... • https://packetstorm.news/files/id/171959 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1531 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1531
21 Mar 2023 — Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bound... • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1530 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1530
21 Mar 2023 — Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1529 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1529
21 Mar 2023 — Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access me... • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1528 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1528
21 Mar 2023 — Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromiu... • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 15EXPL: 1CVE-2023-27533 – curl: TELNET option IAC injection
https://notcve.org/view.php?id=CVE-2023-27533
21 Mar 2023 — A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Harry Sintonen discov... • https://hackerone.com/reports/1891474 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •