CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-30631 – Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work
https://notcve.org/view.php?id=CVE-2023-30631
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV https://www.debian.org/security/2023/dsa-5435 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47184 – Apache Traffic Server: The TRACE method can be use to disclose network information
https://notcve.org/view.php?id=CVE-2022-47184
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV https://www.debian.org/security/2023/dsa-5435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3217 – Chrome device::OpenXrApiWrapper::InitSession Heap Use-After-Free
https://notcve.org/view.php?id=CVE-2023-3217
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Chrome suffers from a heap use-after-free vulnerability in device::OpenXrApiWrapper::InitSession. Versions affected include Google Chrome 114.0.5735.45 (Official Build) and Chromium 116.0.5806.0 (Developer Build). • http://packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.html https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html https://crbug.com/1450601 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD https://security.gentoo.org/glsa/202311-11 https://security.gento • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3216
https://notcve.org/view.php?id=CVE-2023-3216
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html https://crbug.com/1450114 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5428 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3215
https://notcve.org/view.php?id=CVE-2023-3215
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html https://crbug.com/1446274 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5428 • CWE-416: Use After Free •