Fedoraproject: >> Fedora >> 39 Security Vulnerabilities
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
CVSS Score
8.8
EPSS Score
0.201
Published
2023-09-18
When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.
However, curl did not have a limit in how many or how large headers it would
accept in a response, allowing a malicious server to stream an endless series
of headers and eventually cause curl to run out of heap memory.
CVSS Score
7.5
EPSS Score
0.178
Published
2023-09-15
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.0
Published
2023-09-12
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.002
Published
2023-09-12