CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-42754 – Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()
https://notcve.org/view.php?id=CVE-2023-42754
05 Oct 2023 — A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. Se encontró una falla de desreferencia del puntero NULL en la pila ipv4 del kernel de Linux. Se suponía que el búfer de socket (skb) estaba asociado con un dispositivo antes de llamar a _... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-5346 – Debian Security Advisory 5515-1
https://notcve.org/view.php?id=CVE-2023-5346
05 Oct 2023 — Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La confusión de tipos en V8 de Google Chrome anterior a 117.0.5938.149 permitía a un atacante remoto explotar potencialmente la corrupción del "heap" a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of wh... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-43804 – `Cookie` HTTP header isn't stripped on cross-origin redirects
https://notcve.org/view.php?id=CVE-2023-43804
04 Oct 2023 — urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 es una librería cliente HTTP fácil de usa... • https://github.com/JawadPy/CVE-2023-43804-Exploit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 89%CPEs: 18EXPL: 27CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
03 Oct 2023 — A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que... • https://packetstorm.news/files/id/176288 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5345 – Use-after-free in Linux kernel's fs/smb/client component
https://notcve.org/view.php?id=CVE-2023-5345
03 Oct 2023 — A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. Se puede explotar una vulnerabilidad de use-after-free en el componente fs/smb/client del kernel de Linux para lograr una escalada de privilegios local. En cas... • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-5344 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2023-5344
02 Oct 2023 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. Desbordamiento de búfer basado en montón en el repositorio de GitHub vim/vim anterior a 9.0.1969. macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2023/Dec/10 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 7EXPL: 0CVE-2023-44488 – libvpx: crash related to VP9 encoding in libvpx
https://notcve.org/view.php?id=CVE-2023-44488
30 Sep 2023 — VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. VP9 en libvpx anterior a 1.13.1 maneja mal las anchuras, lo que provoca un bloqueo relacionado con la codificación. A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser t... • http://www.openwall.com/lists/oss-security/2023/09/30/4 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 3%CPEs: 5EXPL: 0CVE-2023-43655 – Remote Code Execution via web-accessible composer.phar
https://notcve.org/view.php?id=CVE-2023-43655
29 Sep 2023 — Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is no... • https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5187 – Debian Security Advisory 5508-1
https://notcve.org/view.php?id=CVE-2023-5187
28 Sep 2023 — Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en Extensiones de Google Chrome anteriores a 117.0.5938.132 permitió a un atacante convencer a un usuario de instalar una extensión maliciosa para explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de s... • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-5186 – Debian Security Advisory 5508-1
https://notcve.org/view.php?id=CVE-2023-5186
28 Sep 2023 — Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) El use after free en Contraseñas en Google Chrome anterior a 117.0.5938.132 permitía a un atacante remoto convencer a un usuario de participar en una interacción de interfaz de usuario específica para explotar potencialmente la corrupción del montón a travé... • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free •