
CVE-2023-5485 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5485
11 Oct 2023 — Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in Chromium and its deriva... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •

CVE-2023-5479 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5479
11 Oct 2023 — Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •

CVE-2023-5474 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5474
11 Oct 2023 — Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html • CWE-787: Out-of-bounds Write •

CVE-2023-5476 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5476
11 Oct 2023 — Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its derivative... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •

CVE-2023-5481 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5481
11 Oct 2023 — Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its derivative... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •

CVE-2023-5483 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5483
11 Oct 2023 — Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its d... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •

CVE-2023-5475 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5475
11 Oct 2023 — Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •

CVE-2023-5484 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5484
11 Oct 2023 — Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •

CVE-2023-5218 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5218
11 Oct 2023 — Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Multiple vulnerabilities have been discovered in Chromium and its deri... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •

CVE-2023-44981 – Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
https://notcve.org/view.php?id=CVE-2023-44981
11 Oct 2023 — Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating count... • http://www.openwall.com/lists/oss-security/2023/10/11/4 • CWE-639: Authorization Bypass Through User-Controlled Key •