CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46219 – curl: excessively long file name may lead to unknown HSTS status
https://notcve.org/view.php?id=CVE-2023-46219
07 Dec 2023 — When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Al guardar datos HSTS en un nombre de archivo excesivamente largo, curl podría terminar eliminando todo el contenido, haciendo que las solicitudes posteriores que utilicen ese archivo desconozcan el estado HSTS que de otro modo deberían usar. A security bypass flaw was found in Curl, which can be triggered by saving ... • https://curl.se/docs/CVE-2023-46219.html • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6512 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6512
06 Dec 2023 — Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada en la interfaz de usuario del navegador web en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto falsificar potencialmente el contenido de un menú contextual de diálogo iframe a través de una página HTML manipulada. (Severid... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6511 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6511
06 Dec 2023 — Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada de Autofill en Google Chrome anterior a 120.0.6099.62 permitió a un atacante remoto eludir las restricciones de Autocompletar a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discovered in Chromium and its derivatives... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2023-6510 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6510
06 Dec 2023 — Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Use after free en Media Capture en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto convencer a un usuario de participar en una interacción de interfaz de usuario específica para explotar potencialmente la corrupción del heap a tra... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6509 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6509
06 Dec 2023 — Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) Use after free en Side Panel Search en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto convencer a un usuario de participar en una interacción de interfaz de usuario específica para explotar potencialmente la corrupción del heap... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6508 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6508
06 Dec 2023 — Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Media Stream en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the wo... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 13EXPL: 0CVE-2023-42917 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-42917
30 Nov 2023 — A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2023-42916 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-42916
30 Nov 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 17%CPEs: 7EXPL: 0CVE-2023-6345 – Google Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6345
29 Nov 2023 — Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) El desbordamiento de enteros en Skia en Google Chrome anterior a 119.0.6045.199 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a través de un archivo malicioso. (Severidad de seguridad de Chrome... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6351 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6351
29 Nov 2023 — Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Use after free en libavif en Google Chrome anterior a 119.0.6045.199 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de un archivo avif manipulado. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of w... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •