CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3422
https://notcve.org/view.php?id=CVE-2023-3422
Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html https://crbug.com/1450397 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5440 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-3421
https://notcve.org/view.php?id=CVE-2023-3421
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html https://crbug.com/1447568 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5440 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1751 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-3420
https://notcve.org/view.php?id=CVE-2023-3420
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html https://crbug.com/1452137 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5440 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 3CVE-2023-36664 – ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices
https://notcve.org/view.php?id=CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Artifex Ghostscript a través de 10.01.2 maneja mal la validación de permisos para dispositivos pipe (con el prefijo %pipe% o el prefijo | pipe character). A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). • https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection https://github.com/jeanchpt/CVE-2023-36664 https://github.com/churamanib/CVE-2023-36664-Ghostscript-command-injection https://bugs.ghostscript.com/show_bug.cgi?id=706761 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-36661 – Ivanti Connect Secure Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) • https://shibboleth.net/community/advisories/secadv_20230612.txt https://www.debian.org/security/2023/dsa-5432 • CWE-918: Server-Side Request Forgery (SSRF) •