CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2134
https://notcve.org/view.php?id=CVE-2023-2134
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html https://crbug.com/1429201 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42 https://lists.fedoraproject.org/archives/list/package-announce@l • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2133
https://notcve.org/view.php?id=CVE-2023-2133
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html https://crbug.com/1429197 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42 https://lists.fedoraproject.org/archives/list/package-announce@l • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30608 – Parser contains an inefficient regular expression in sqlparse
https://notcve.org/view.php?id=CVE-2023-30608
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. • https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS https://access.redhat.com/security/cve/CVE-2023-30608 https://bugzilla.redhat.com/show_bug.cgi?id=2187903 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-28856 – `HINCRBYFLOAT` can be used to crash a redis-server process
https://notcve.org/view.php?id=CVE-2023-28856
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c https://github.com/redis/redis/pull/11149 https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6 https://lists.fedoraproject. • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2023-26049 – Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty
https://notcve.org/view.php?id=CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. • https://github.com/eclipse/jetty.project/pull/9339 https://github.com/eclipse/jetty.project/pull/9352 https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://security.netapp.com/advisory/ntap-20230526-0001 https://www.debian.org/security/2023/dsa-5507 https://www.rfc-editor.org/rfc/rfc2965 https://www.rfc-editor.org/rfc/rfc6265 https://access.redhat.com/security/cve/CVE-2023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1286: Improper Validation of Syntactic Correctness of Input •