CVSS: 7.8EPSS: 3%CPEs: 11EXPL: 0CVE-2023-41983 – webkitgtk: Processing web content may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-41983
25 Oct 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-5472 – Debian Security Advisory 5536-1
https://notcve.org/view.php?id=CVE-2023-5472
25 Oct 2023 — Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en perfiles de Google Chrome anteriores a 118.0.5993.117 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the wors... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 5%CPEs: 13EXPL: 0CVE-2023-5363 – Incorrect cipher key & IV length processing
https://notcve.org/view.php?id=CVE-2023-5363
24 Oct 2023 — Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been establish... • http://www.openwall.com/lists/oss-security/2023/10/24/1 • CWE-325: Missing Cryptographic Step CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-46316 – traceroute: improper command line parsing
https://notcve.org/view.php?id=CVE-2023-46316
24 Oct 2023 — In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. En buc Traceroute 2.0.12 a 2.1.2 anterior a 2.1.3, los scripts contenedores no analizan correctamente las líneas de comando. A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the... • https://packetstorm.news/files/id/176660 • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-234: Failure to Handle Missing Parameter •
CVSS: 6.1EPSS: 63%CPEs: 7EXPL: 2CVE-2023-5631 – Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-5631
18 Oct 2023 — Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Roundcube anterior a 1.4.15, 1.5.x anterior a 1.5.5 y 1.6.x anterior a 1.6.4 permiten almacenar XSS a través de un mensaje de correo electrónico HTML con un documento SVG manipulado debido al comportamiento de program/lib/Roundcube/rcube_wa... • https://github.com/soreta2/CVE-2023-5631-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-45133 – Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
https://notcve.org/view.php?id=CVE-2023-45133
12 Oct 2023 — Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyf... • https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82 • CWE-184: Incomplete List of Disallowed Inputs CWE-697: Incorrect Comparison •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2023-5473 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5473
11 Oct 2023 — Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) El use after free en Cast en Google Chrome anterior a 118.0.5993.70 permitía a un atacante remoto que había comprometido el proceso de renderizado explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Baja) Multipl... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5486 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5486
11 Oct 2023 — Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) La implementación inadecuada de Input en Google Chrome anterior a 118.0.5993.70 permitió a un atacante remoto falsificar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Baja) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst o... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5477 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5477
11 Oct 2023 — Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) La implementación inadecuada en el instalador de Google Chrome anterior a 118.0.5993.70 permitió a un atacante local eludir el control de acceso discrecional mediante un comando manipulado. (Severidad de seguridad de Chrome: Baja) Multiple vulnerabilities have been discovered in Chromium and its derivatives,... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5478 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5478
11 Oct 2023 — Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) La implementación inadecuada de Autocompletar en Google Chrome anterior a 118.0.5993.70 permitió a un atacante remoto filtrar datos de orígenes cruzados a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Baja) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the wor... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •