CVE-2023-1810
https://notcve.org/view.php?id=CVE-2023-1810
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html https://crbug.com/1414018 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5 https://security.gentoo.org/glsa/202309-17 https://www.debian.org/security/2023/dsa-5386 • CWE-787: Out-of-bounds Write •
CVE-2023-26916
https://notcve.org/view.php?id=CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1979 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS • CWE-476: NULL Pointer Dereference •
CVE-2022-36440 – frr: Reachable assertion in peek_for_as4_capability function
https://notcve.org/view.php?id=CVE-2022-36440
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. Se encontró una afirmación accesible en Frrouting frr-bgpd 8.3.0 en la función peek_for_as4_capability. Los atacantes pueden construir maliciosamente paquetes abiertos BGP y enviarlos a pares BGP que ejecutan frr-bgpd, lo que resulta en DoS. A reachable assertion flaw was found in Frrouting frr-bgpd in the peek_for_as4_capability function. • https://github.com/spwpun/pocs https://github.com/spwpun/pocs/blob/main/frr-bgpd.md https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HU4PKLUVB5CTMOVQ2GV33TNUNMJCBGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBXEXL2ZQBWCBLNUP6P67FHECXQWSK3L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GM66PNHGCXZU66LQCTP2FSJLFF6CVMSI https: • CWE-617: Reachable Assertion •
CVE-2023-1611
https://notcve.org/view.php?id=CVE-2023-1611
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea • https://bugzilla.redhat.com/show_bug.cgi?id=2181342 https://github.com/torvalds/linux/commit/2f1a6be12ab6c8470d5776e68644726c94257c54 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QCM6XO4HSPLGR3DFYWFRIA3GCBIHZR4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWECAZ7V7EPSXMINO6Q6KWNKDY2CO6ZW https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana%40sus • CWE-416: Use After Free •
CVE-2023-28756 – ruby: ReDoS vulnerability in Time
https://notcve.org/view.php?id=CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. A flaw was found in the Time gem and Time library of Ruby. • https://github.com/ruby/time/releases https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z https://security.gentoo.org/glsa/202401-27 https://secu • CWE-20: Improper Input Validation CWE-1333: Inefficient Regular Expression Complexity •