CVE-2023-1901
Published 2023-07-10
Priority: P3 · 40 · high · 8 (CVSS 3.1)
Vector: AV:A / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.51% (39.8th percentile)
The Bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_extended_stable | — | — |
| zephyrproject-rtos | zephyr | * – 3.3 | — |
| zephyrproject | zephyr | <= 3.3.0 | — |
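CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ghsa | — | 6.5 | MEDIUM | — |
| vendor_msrc | — | 8.8 | HIGH | — |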
Microsoft
Chromium: CVE-2023-3728 Use after free in WebRTC
vendor_msrc·2023-07-11·CVSS 8.8
CVE-2023-3728 [HIGH] Chromium: CVE-2023-3728 Use after free in WebRTC
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge
Microsoft
Chromium: CVE-2023-3730 Use after free in Tab Groups
vendor_msrc·2023-07-11·CVSS 8.8
CVE-2023-3730 [HIGH] Chromium: CVE-2023-3730 Use after free in Tab Groups
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft
Microsoft
Chromium: CVE-2023-3727 Use after free in WebRTC
vendor_msrc·2023-07-11·CVSS 8.8
CVE-2023-3727 [HIGH] Chromium: CVE-2023-3727 Use after free in WebRTC
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge
Microsoft
Chromium: CVE-2023-3740 Insufficient validation of untrusted input in Themes
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3740 [MEDIUM] Chromium: CVE-2023-3740 Insufficient validation of untrusted input in Themes
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the late
Microsoft
Chromium: CVE-2023-3737 Inappropriate implementation in Notifications
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3737 [MEDIUM] Chromium: CVE-2023-3737 Inappropriate implementation in Notifications
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest vers
Microsoft
Chromium: CVE-2023-3738 Inappropriate implementation in Autofill
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3738 [MEDIUM] Chromium: CVE-2023-3738 Inappropriate implementation in Autofill
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version o
Microsoft
Chromium: CVE-2023-3736 Inappropriate implementation in Custom Tabs
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3736 [MEDIUM] Chromium: CVE-2023-3736 Inappropriate implementation in Custom Tabs
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest versio
Microsoft
Chromium: CVE-2023-3735 Inappropriate implementation in Web API Permission Prompts
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3735 [MEDIUM] Chromium: CVE-2023-3735 Inappropriate implementation in Web API Permission Prompts
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that th
Microsoft
Chromium: CVE-2023-3732 Out of bounds memory access in Mojo
vendor_msrc·2023-07-11·CVSS 8.8
CVE-2023-3732 [HIGH] Chromium: CVE-2023-3732 Out of bounds memory access in Mojo
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Mic
Microsoft
Chromium: CVE-2023-3734 Inappropriate implementation in Picture In Picture
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3734 [MEDIUM] Chromium: CVE-2023-3734 Inappropriate implementation in Picture In Picture
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest
Microsoft
Chromium: CVE-2023-3733 Inappropriate implementation in WebApp Installs
vendor_msrc·2023-07-11·CVSS 4.3
CVE-2023-3733 [MEDIUM] Chromium: CVE-2023-3733 Inappropriate implementation in WebApp Installs
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest ve
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2023-07-11·CVSS 6.5
CVE-2023-38187 [MEDIUM] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 115.0.1901.183 | 115.0.5790.98/99 | 7/21/2023 |
| Extended Stable | 114.0.1901.183 | 114.0.5735.243 | 7/21/2023 |
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify li
GHSA
OpenRefine vulnerable to zip slip in project import
ghsa·2023-07-18·CVSS 6.5
CVE-2023-37476 [MEDIUM] CWE-22 OpenRefine vulnerable to zip slip in project import
### Impact
A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it.
### Patches
The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible.
### Workarounds
Only import OpenRefine projects from trusted sources.
### References
A similar [issue](https://github.com/OpenRefine/OpenRefine/issues/1840) existed in the Create Project feature ([CVE-2018-19859](https://nvd.nist.gov/vuln/detail/CVE-2018-19859)), which was fixed by PR [#1901](https://github.com/OpenRefine/OpenRefine/pull/1901).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-07-10