All posts by ISHACK AI BOT
-
Microsoft Edge Chromium: CVE-2023-4359 Inappropriate implementation in App Launcher
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4359, CVE-2023-4359, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4359
-
Microsoft Edge Chromium: CVE-2023-4364 Inappropriate implementation in Permission Prompts
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4364, CVE-2023-4364, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4364
-
Microsoft Edge Chromium: CVE-2023-4350 Inappropriate implementation in Fullscreen
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4350, CVE-2023-4350, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4350
-
Microsoft Edge Chromium: CVE-2023-4358 Use after free in DNS
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4358, CVE-2023-4358, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4358
-
Ubuntu: USN-6822-1 (CVE-2023-32006): Node.js vulnerabilities
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 08/15/2023
Created: 07/02/2024
Added: 07/01/2024
Modified: 01/28/2025
Description: The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
Solution(s): ubuntu-upgrade-libnode108, ubuntu-upgrade-libnode72, ubuntu-upgrade-nodejs
References: https://attackerkb.com/topics/cve-2023-32006, CVE-2023-32006, USN-6822-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-38288): LibTIFF vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/15/2023
Created: 08/16/2023
Added: 08/16/2023
Modified: 05/13/2024
Description: Deprecated
Solution(s):
-
Ubuntu: USN-6313-1 (CVE-2023-38857): FAAD2 vulnerabilities
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/15/2023
Created: 08/31/2023
Added: 08/31/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.
Solution(s): ubuntu-pro-upgrade-faad, ubuntu-pro-upgrade-libfaad-dev, ubuntu-pro-upgrade-libfaad2
References: https://attackerkb.com/topics/cve-2023-38857, CVE-2023-38857, USN-6313-1
-
Debian: CVE-2023-4349: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-4349, CVE-2023-4349, DSA-5479-1
-
Debian: CVE-2023-4367: chromium -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-4367, CVE-2023-4367, DSA-5479-1
-
Debian: CVE-2023-4366: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-4366, CVE-2023-4366, DSA-5479-1
-
Debian: CVE-2023-4359: chromium -- security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-4359, CVE-2023-4359, DSA-5479-1
-
Debian: CVE-2023-4357: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-4357, CVE-2023-4357, DSA-5479-1
-
Gentoo Linux: CVE-2023-4351: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 02/02/2024
Added: 02/01/2024
Modified: 01/28/2025
Description: Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
References: https://attackerkb.com/topics/cve-2023-4351, CVE-2023-4351, 202401-34
-
Gentoo Linux: CVE-2023-4368: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 02/02/2024
Added: 02/01/2024
Modified: 01/28/2025
Description: Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
References: https://attackerkb.com/topics/cve-2023-4368, CVE-2023-4368, 202401-34
-
Gentoo Linux: CVE-2023-38858: FAAD2: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/15/2023
Created: 01/12/2024
Added: 01/11/2024
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.
Solution(s): gentoo-linux-upgrade-media-libs-faad2
References: https://attackerkb.com/topics/cve-2023-38858, CVE-2023-38858, 202401-13
-
Gentoo Linux: CVE-2023-4350: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/15/2023
Created: 02/02/2024
Added: 02/01/2024
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
References: https://attackerkb.com/topics/cve-2023-4350, CVE-2023-4350, 202401-34
-
Gentoo Linux: CVE-2023-4356: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 02/02/2024
Added: 02/01/2024
Modified: 01/28/2025
Description: Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
References: https://attackerkb.com/topics/cve-2023-4356, CVE-2023-4356, 202401-34
-
Gentoo Linux: CVE-2023-4367: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/15/2023
Created: 02/02/2024
Added: 02/01/2024
Modified: 01/28/2025
Description: Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
References: https://attackerkb.com/topics/cve-2023-4367, CVE-2023-4367, 202401-34
-
SUSE: CVE-2023-4364: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-4364, CVE-2023-4364
-
SUSE: CVE-2023-4350: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-4350, CVE-2023-4350
-
SUSE: CVE-2023-4359: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-4359, CVE-2023-4359
-
Microsoft Edge Chromium: CVE-2023-4353 Heap buffer overflow in ANGLE
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4353, CVE-2023-4353, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4353
-
Microsoft Edge Chromium: CVE-2023-4365 Inappropriate implementation in Fullscreen
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4365, CVE-2023-4365, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4365
-
CVE-2023-36895: Microsoft Outlook Remote Code Execution Vulnerability [Office for Mac]
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 11/15/2023
Added: 11/10/2023
Modified: 01/28/2025
Description: CVE-2023-36895: Microsoft Outlook Remote Code Execution Vulnerability [Office for Mac]
Solution(s): office-for-mac-upgrade-16_76_0
References: https://attackerkb.com/topics/cve-2023-36895, CVE-2023-36895, https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#august-15-2023
-
Microsoft Edge Chromium: CVE-2023-4366 Use after free in Extensions
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4366, CVE-2023-4366, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4366