ID: CVE-2023-6858 |
Title: Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
Type: Software |
Bulletins:
CVE-2023-6858 |
Severity: High |
Description: Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | ||||
Applies to: |
Created: 2023-12-19 |
Updated: 2024-09-07 |
ID: CVE-2023-6702 |
Title: Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-6702 |
Severity: High |
Description: Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-12-14 |
Updated: 2024-09-07 |
ID: CVE-2023-6346 |
Title: Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-6346 |
Severity: High |
Description: Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-11-29 |
Updated: 2024-09-07 |
ID: CVE-2023-6207 |
Title: Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. |
Type: Software |
Bulletins:
CVE-2023-6207 |
Severity: High |
Description: Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | ||||
Applies to: |
Created: 2023-11-21 |
Updated: 2024-09-07 |
ID: CVE-2023-6213 |
Title: Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. |
Type: Software |
Bulletins:
CVE-2023-6213 |
Severity: High |
Description: Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. | ||||
Applies to: |
Created: 2023-11-21 |
Updated: 2024-09-07 |
ID: CVE-2023-6205 |
Title: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. |
Type: Software |
Bulletins:
CVE-2023-6205 |
Severity: Medium |
Description: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | ||||
Applies to: |
Created: 2023-11-21 |
Updated: 2024-09-07 |
ID: CVE-2023-5722 |
Title: Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. |
Type: Software |
Bulletins:
CVE-2023-5722 |
Severity: Medium |
Description: Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5721 |
Title: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
Type: Software |
Bulletins:
CVE-2023-5721 |
Severity: Medium |
Description: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5728 |
Title: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
Type: Software |
Bulletins:
CVE-2023-5728 |
Severity: High |
Description: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5724 |
Title: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
Type: Software |
Bulletins:
CVE-2023-5724 |
Severity: High |
Description: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5723 |
Title: An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. |
Type: Software |
Bulletins:
CVE-2023-5723 |
Severity: Medium |
Description: An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5732 |
Title: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
Type: Software |
Bulletins:
CVE-2023-5732 |
Severity: Medium |
Description: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5729 |
Title: A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. |
Type: Software |
Bulletins:
CVE-2023-5729 |
Severity: Medium |
Description: A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5725 |
Title: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
Type: Software |
Bulletins:
CVE-2023-5725 |
Severity: Medium |
Description: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
Applies to: |
Created: 2023-10-25 |
Updated: 2024-09-07 |
ID: CVE-2023-5346 |
Title: Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-5346 |
Severity: High |
Description: Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-10-05 |
Updated: 2024-09-07 |
ID: CVE-2023-5186 |
Title: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. |
Type: Software |
Bulletins:
CVE-2023-5186 |
Severity: High |
Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-09-28 |
Updated: 2024-09-07 |
ID: CVE-2023-5217 |
Title: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-5217 |
Severity: High |
Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-09-28 |
Updated: 2024-09-07 |
ID: CVE-2023-4863 |
Title: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4863 |
Severity: High |
Description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | ||||
Applies to: |
Created: 2023-09-12 |
Updated: 2024-09-07 |
ID: CVE-2023-4580 |
Title: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. |
Type: Software |
Bulletins:
CVE-2023-4580 |
Severity: Medium |
Description: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||||
Applies to: |
Created: 2023-09-11 |
Updated: 2024-09-07 |
ID: CVE-2023-4762 |
Title: Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4762 |
Severity: High |
Description: Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-09-05 |
Updated: 2024-09-07 |
ID: CVE-2023-4761 |
Title: Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4761 |
Severity: High |
Description: Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-09-05 |
Updated: 2024-09-07 |
ID: CVE-2023-4572 |
Title: Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4572 |
Severity: High |
Description: Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-29 |
Updated: 2024-09-07 |
ID: CVE-2022-4452 |
Title: Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2022-4452 |
Severity: High |
Description: Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-25 |
Updated: 2024-09-07 |
ID: CVE-2019-13689 |
Title: Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. |
Type: Software |
Bulletins:
CVE-2019-13689 |
Severity: High |
Description: Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | ||||
Applies to: |
Created: 2023-08-25 |
Updated: 2024-09-07 |
ID: CVE-2023-4430 |
Title: Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4430 |
Severity: High |
Description: Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-23 |
Updated: 2024-09-07 |
ID: CVE-2023-4429 |
Title: Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4429 |
Severity: High |
Description: Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-23 |
Updated: 2024-09-07 |
ID: CVE-2023-4427 |
Title: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4427 |
Severity: High |
Description: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-23 |
Updated: 2024-09-07 |
ID: CVE-2023-4431 |
Title: Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4431 |
Severity: High |
Description: Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-23 |
Updated: 2024-09-07 |
ID: CVE-2023-4428 |
Title: Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4428 |
Severity: High |
Description: Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-23 |
Updated: 2024-09-07 |
ID: CVE-2023-2312 |
Title: Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2312 |
Severity: High |
Description: Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4351 |
Title: Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4351 |
Severity: High |
Description: Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4366 |
Title: Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4366 |
Severity: High |
Description: Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4358 |
Title: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4358 |
Severity: High |
Description: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4349 |
Title: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4349 |
Severity: High |
Description: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4356 |
Title: Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4356 |
Severity: High |
Description: Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4352 |
Title: Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4352 |
Severity: High |
Description: Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4355 |
Title: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4355 |
Severity: High |
Description: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4357 |
Title: Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4357 |
Severity: High |
Description: Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4363 |
Title: Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4363 |
Severity: Medium |
Description: Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4364 |
Title: Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4364 |
Severity: Medium |
Description: Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4365 |
Title: Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4365 |
Severity: Medium |
Description: Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4350 |
Title: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox |
Type: Software |
Bulletins:
CVE-2023-4350 |
Severity: Medium |
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4360 |
Title: Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4360 |
Severity: Medium |
Description: Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4361 |
Title: Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4361 |
Severity: Medium |
Description: Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4359 |
Title: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4359 |
Severity: Medium |
Description: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4354 |
Title: Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4354 |
Severity: High |
Description: Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-4353 |
Title: Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-4353 |
Severity: High |
Description: Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: |
Created: 2023-08-15 |
Updated: 2024-09-07 |
ID: CVE-2023-32681 |
Title: RHSA-2023:4350: python-requests security update |
Type: Software |
Bulletins:
CVE-2023-32681 |
Severity: Medium |
Description: The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix(es): * python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-08-01 |
Updated: 2024-09-07 |
ID: CVE-2023-28484,CVE-2023-29469 |
Title: RHSA-2023:4349: libxml2 security update |
Type: Software |
Bulletins:
CVE-2023-28484,CVE-2023-29469 |
Severity: Medium |
Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484) * libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-08-01 |
Updated: 2023-08-01 |
ID: CVE-2023-30581,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590 |
Title: RHSA-2023:4331: nodejs security, bug fix, and enhancement update |
Type: Software |
Bulletins:
CVE-2023-30581,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590 |
Severity: Medium |
Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs (16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342, BZ#2223344) Security Fix(es): * nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581) * nodejs: process interruption due to invalid Public Key information in x509 certificates (CVE-2023-30588) * nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589) * nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-31 |
Updated: 2023-07-31 |
ID: CVE-2023-3347 |
Title: RHSA-2023:4325: samba security and bug fix update |
Type: Software |
Bulletins:
CVE-2023-3347 |
Severity: Medium |
Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: SMB2 packet signing is not enforced when " server signing = required " is set (CVE-2023-3347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The trust relationship between this workstation and the primary domain failed (BZ#2223600) | ||||
Applies to: |
Created: 2023-07-31 |
Updated: 2024-09-07 |
ID: CVE-2023-22045,CVE-2023-22049 |
Title: RHSA-2023:4178: java-1.8.0-openjdk security and bug fix update |
Type: Software |
Bulletins:
CVE-2023-22045,CVE-2023-22049 |
Severity: Medium |
Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-9] (BZ#2220662) | ||||
Applies to: |
Created: 2023-07-20 |
Updated: 2023-07-20 |
ID: CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 |
Title: RHSA-2023:4177: java-17-openjdk security and bug fix update |
Type: Software |
Bulletins:
CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 |
Severity: Medium |
Description: The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) * OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Installing the same java-17-openjdk-headless package on two different systems resulted in distinct classes.jsa files getting generated. This was because the CDS archive was being generated by a post script action of the java-17-openjdk-headless package. This prevented the use of the dynamic dump feature, as the checksum in the archive would be different on each system. This is resolved in this release by using the .jsa files generated during the initial build. (RHBZ#2221653) * Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8) [rhel-9] (BZ#2222852) | ||||
Applies to: |
Created: 2023-07-20 |
Updated: 2023-07-20 |
ID: CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 |
Title: RHSA-2023:4158: java-11-openjdk security and bug fix update |
Type: Software |
Bulletins:
CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 |
Severity: Medium |
Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-07, 11.0.20) [rhel-9] (BZ#2223100) | ||||
Applies to: |
Created: 2023-07-20 |
Updated: 2023-07-20 |
ID: CVE-2023-32435,CVE-2023-32439,CVE-2023-37450 |
Title: RHSA-2023:4201: webkit2gtk3 security update |
Type: Software |
Bulletins:
CVE-2023-32435,CVE-2023-32439,CVE-2023-37450 |
Severity: High |
Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-32435) * webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2023-32439) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-18 |
Updated: 2023-07-18 |
ID: CVE-2023-2828 |
Title: RHSA-2023:4099: bind security update |
Type: Software |
Bulletins:
CVE-2023-2828 |
Severity: High |
Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-17 |
Updated: 2024-09-07 |
ID: CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 |
Title: RHSA-2023:4071: firefox security update |
Type: Software |
Bulletins:
CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 |
Severity: High |
Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Security Fix(es): * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202) * Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211) * Mozilla: Fullscreen notification obscured (CVE-2023-37207) * Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-13 |
Updated: 2023-07-13 |
ID: CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 |
Title: RHSA-2023:4064: thunderbird security update |
Type: Software |
Bulletins:
CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211 |
Severity: High |
Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Security Fix(es): * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202) * Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211) * Mozilla: Fullscreen notification obscured (CVE-2023-37207) * Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-13 |
Updated: 2023-07-13 |
ID: CVE-2023-33170 |
Title: RHSA-2023:4060: .NET 6.0 security, bug fix, and enhancement update |
Type: Software |
Bulletins:
CVE-2023-33170 |
Severity: High |
Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219640) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-13 |
Updated: 2024-09-07 |
ID: CVE-2023-33170 |
Title: RHSA-2023:4057: .NET 7.0 security, bug fix, and enhancement update |
Type: Software |
Bulletins:
CVE-2023-33170 |
Severity: High |
Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219634) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-13 |
Updated: 2024-09-07 |
ID: CVE-2023-3128 |
Title: RHSA-2023:4030: grafana security update |
Type: Software |
Bulletins:
CVE-2023-3128 |
Severity: High |
Description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-07-12 |
Updated: 2024-09-07 |
ID: CVE-2023-2721 |
Title: Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2721 |
Severity: High |
Description: Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
Applies to: Google Chrome |
Created: 2023-05-16 |
Updated: 2024-09-07 |
ID: CVE-2023-2725 |
Title: Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2725 |
Severity: High |
Description: Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-05-16 |
Updated: 2024-09-07 |
ID: CVE-2023-2723 |
Title: Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2723 |
Severity: High |
Description: Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-05-16 |
Updated: 2024-09-07 |
ID: CVE-2023-2722 |
Title: Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2722 |
Severity: High |
Description: Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-05-16 |
Updated: 2024-09-07 |
ID: CVE-2023-2724 |
Title: Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2724 |
Severity: High |
Description: Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-05-16 |
Updated: 2024-09-07 |
ID: CVE-2023-2726 |
Title: Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2726 |
Severity: High |
Description: Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-05-16 |
Updated: 2024-09-07 |
ID: CVE-2023-2466 |
Title: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2466 |
Severity: Medium |
Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-05-03 |
Updated: 2024-09-07 |
ID: CVE-2023-2462 |
Title: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2462 |
Severity: Medium |
Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-05-03 |
Updated: 2024-09-07 |
ID: CVE-2023-2459 |
Title: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2459 |
Severity: Medium |
Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-05-03 |
Updated: 2024-09-07 |
ID: CVE-2023-2467 |
Title: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2467 |
Severity: Medium |
Description: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-05-03 |
Updated: 2024-09-07 |
ID: CVE-2023-2468 |
Title: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2468 |
Severity: Medium |
Description: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-05-03 |
Updated: 2024-09-07 |
ID: CVE-2023-2463 |
Title: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox |
Type: Software |
Bulletins:
CVE-2023-2463 |
Severity: Medium |
Description: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-05-03 |
Updated: 2024-09-07 |
ID: CVE-2023-2135 |
Title: Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2135 |
Severity: High |
Description: Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-04-19 |
Updated: 2024-09-07 |
ID: CVE-2023-2134 |
Title: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2134 |
Severity: High |
Description: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-04-19 |
Updated: 2024-09-07 |
ID: CVE-2023-2137 |
Title: Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2137 |
Severity: High |
Description: Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-19 |
Updated: 2024-09-07 |
ID: CVE-2023-2033 |
Title: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-2033 |
Severity: High |
Description: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-04-14 |
Updated: 2024-09-07 |
ID: CVE-2023-1818 |
Title: Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1818 |
Severity: High |
Description: Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1811 |
Title: Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1811 |
Severity: High |
Description: Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1393 |
Title: RHSA-2023:1594: tigervnc and xorg-x11-server security update |
Type: Software |
Bulletins:
CVE-2023-1393 |
Severity: High |
Description: For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-25690 |
Title: RHSA-2023:1593: httpd security update |
Type: Software |
Bulletins:
CVE-2023-25690 |
Severity: High |
Description: For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1393 |
Title: RHSA-2023:1592: tigervnc security update |
Type: Software |
Bulletins:
CVE-2023-1393 |
Severity: High |
Description: For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-28154 |
Title: RHSA-2023:1591: pcs security update |
Type: Software |
Bulletins:
CVE-2023-28154 |
Severity: High |
Description: For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | ||||
Applies to: |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1819 |
Title: Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1819 |
Severity: Medium |
Description: Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1812 |
Title: Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1812 |
Severity: High |
Description: Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1814 |
Title: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1814 |
Severity: Medium |
Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1817 |
Title: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1817 |
Severity: Medium |
Description: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1816 |
Title: Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1816 |
Severity: Medium |
Description: Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1822 |
Title: Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1822 |
Severity: Medium |
Description: Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1821 |
Title: Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox |
Type: Software |
Bulletins:
CVE-2023-1821 |
Severity: Medium |
Description: Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1823 |
Title: Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1823 |
Severity: Medium |
Description: Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1813 |
Title: Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1813 |
Severity: Medium |
Description: Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1810 |
Title: Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1810 |
Severity: High |
Description: Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-04-04 |
Updated: 2024-09-07 |
ID: CVE-2023-1533 |
Title: Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1533 |
Severity: High |
Description: Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-03-21 |
Updated: 2024-09-07 |
ID: CVE-2023-1530 |
Title: Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1530 |
Severity: High |
Description: Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-03-21 |
Updated: 2024-09-07 |
ID: CVE-2023-1528 |
Title: Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1528 |
Severity: High |
Description: Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-03-21 |
Updated: 2024-09-07 |
ID: CVE-2023-1531 |
Title: Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1531 |
Severity: High |
Description: Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-03-21 |
Updated: 2024-09-07 |
ID: CVE-2023-1532 |
Title: Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1532 |
Severity: High |
Description: Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-03-21 |
Updated: 2024-09-07 |
ID: CVE-2023-1534 |
Title: Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-1534 |
Severity: High |
Description: Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-03-21 |
Updated: 2024-09-07 |
ID: CISEC:9468 |
Title: Multiple vulnerabilities on Adobe Animate 2022, Adobe Animate 2023 |
Type: Software |
Bulletins:
CISEC:9468 |
Severity: Low |
Description: Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22236) Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22243) Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22246) | ||||
Applies to: Adobe Animate |
Created: 2023-03-02 |
Updated: 2023-04-21 |
ID: CISEC:9470 |
Title: Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. |
Type: Software |
Bulletins:
CISEC:9470 |
Severity: Low |
Description: Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21593) | ||||
Applies to: Adobe InDesign |
Created: 2023-03-02 |
Updated: 2023-04-21 |
ID: CISEC:9466 |
Title: Multiple vulnerabilities on Adobe Media Encoder |
Type: Software |
Bulletins:
CISEC:9466 |
Severity: Low |
Description: Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability (CVE-2019-7842) and an out-of-bounds read vulnerability (CVE-2019-7844). Successful exploitation could lead to remote code execution. | ||||
Applies to: Adobe Media Encoder |
Created: 2023-03-01 |
Updated: 2023-04-21 |
ID: CISEC:9469 |
Title: Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 |
Type: Software |
Bulletins:
CISEC:9469 |
Severity: Low |
Description: Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21583) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22226) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22227) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22228) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22229) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22230) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22231) | ||||
Applies to: Adobe Bridge |
Created: 2023-03-01 |
Updated: 2023-04-21 |
ID: CISEC:9471 |
Title: Multiple vulnerabilities on Photoshop version 23.5.3 |
Type: Software |
Bulletins:
CISEC:9471 |
Severity: Low |
Description: Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21574) Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21575) Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21576) Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21577) Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21578) | ||||
Applies to: Adobe Photoshop |
Created: 2023-03-01 |
Updated: 2023-04-21 |
ID: CISEC:9467 |
Title: Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. |
Type: Software |
Bulletins:
CISEC:9467 |
Severity: Low |
Description: Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. (CVE-2019-7107) | ||||
Applies to: Adobe InDesign |
Created: 2023-03-01 |
Updated: 2023-04-21 |
ID: CISEC:9472 |
Title: Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. |
Type: Software |
Bulletins:
CISEC:9472 |
Severity: Low |
Description: Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2019-7095) | ||||
Applies to: Adobe Digital Editions |
Created: 2023-03-01 |
Updated: 2023-04-21 |
ID: CVE-2023-0927 |
Title: Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0927 |
Severity: High |
Description: Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0929 |
Title: Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0929 |
Severity: High |
Description: Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0931 |
Title: Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0931 |
Severity: High |
Description: Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0928 |
Title: Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0928 |
Severity: High |
Description: Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0941 |
Title: Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0941 |
Severity: High |
Description: Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0933 |
Title: Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
Type: Software |
Bulletins:
CVE-2023-0933 |
Severity: High |
Description: Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0930 |
Title: Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0930 |
Severity: High |
Description: Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-22 |
Updated: 2024-09-07 |
ID: CVE-2023-0699 |
Title: Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. |
Type: Software |
Bulletins:
CVE-2023-0699 |
Severity: High |
Description: Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0696 |
Title: Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0696 |
Severity: High |
Description: Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0703 |
Title: Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. |
Type: Software |
Bulletins:
CVE-2023-0703 |
Severity: High |
Description: Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0698 |
Title: Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0698 |
Severity: High |
Description: Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0705 |
Title: Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0705 |
Severity: High |
Description: Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0704 |
Title: Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0704 |
Severity: Medium |
Description: Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0697 |
Title: Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. |
Type: Software |
Bulletins:
CVE-2023-0697 |
Severity: Medium |
Description: Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0700 |
Title: Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox |
Type: Software |
Bulletins:
CVE-2023-0700 |
Severity: Medium |
Description: Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |
ID: CVE-2023-0701 |
Title: Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. |
Type: Software |
Bulletins:
CVE-2023-0701 |
Severity: High |
Description: Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | ||||
Applies to: Google Chrome |
Created: 2023-02-07 |
Updated: 2024-09-07 |