
CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1816287
• https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
• https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
• https://www.debian.org/security/2023/dsa-5450
• https://www.debian.org/security/2023/dsa-5451
• https://www.mozilla.org/security/advisories/mfsa2023-22
• https://www.mozilla.org/security/advisories/mfsa2023-23
• https://www.mozilla.org/security/advisories/mfsa2023-24
• https://access.redhat.com/security

Weaknesses:
• CWE-290: Authentication Bypass by Spoofing
• CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CVSS: 8.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1834711
• https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
• https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
• https://www.debian.org/security/2023/dsa-5450
• https://www.debian.org/security/2023/dsa-5451
• https://www.mozilla.org/security/advisories/mfsa2023-22
• https://www.mozilla.org/security/advisories/mfsa2023-23
• https://www.mozilla.org/security/advisories/mfsa2023-24
• https://access.redhat.com/security

Weaknesses:
• CWE-416: Use After Free

CVSS: 8.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

References:
• https://bugzilla.mozilla.org/show_bug.cgi?id=1826002
• https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
• https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
• https://www.debian.org/security/2023/dsa-5450
• https://www.debian.org/security/2023/dsa-5451
• https://www.mozilla.org/security/advisories/mfsa2023-22
• https://www.mozilla.org/security/advisories/mfsa2023-23
• https://www.mozilla.org/security/advisories/mfsa2023-24
• https://access.redhat.com/security

Weaknesses:
• CWE-416: Use After Free

CVSS: 7.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.

References:
• https://docs.djangoproject.com/en/4.2/releases/security
• https://groups.google.com/forum/#%21forum/django-announce
• https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJO

Weaknesses:
• CWE-1333: Inefficient Regular Expression Complexity

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 2

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

References:
• https://github.com/TurtleARM/CVE-2023-3338-DECPwn
• https://access.redhat.com/security/cve/CVE-2023-3338
• https://bugzilla.redhat.com/show_bug.cgi?id=2218618
• https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
• https://seclists.org/oss-sec/2023/q2/276
• https://security.netapp.com/advisory/ntap-20230824-0005
• https://www.debian.org/security/2023/dsa-5480

Weaknesses:
• CWE-476: NULL Pointer Dereference