ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Microsoft Edge Chromium: CVE-2023-4356 Use after free in Audio Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4356 CVE - 2023-4356 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4356
  2. Microsoft Edge Chromium: CVE-2023-4351 Use after free in Network Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4351 CVE - 2023-4351 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4351
  3. Microsoft Edge Chromium: CVE-2023-4367 Insufficient policy enforcement in Extensions API Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4367 CVE - 2023-4367 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4367
  4. Microsoft Edge Chromium: CVE-2023-4362 Heap buffer overflow in Mojom IDL Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4362 CVE - 2023-4362 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4362
  5. Microsoft Edge Chromium: CVE-2023-4349 Use after free in Device Trust Connectors Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4349 CVE - 2023-4349 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4349
  6. VMware Photon OS: CVE-2023-4353 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4353 CVE - 2023-4353
  7. CentOS Linux: CVE-2023-32006: Important: nodejs:16 security, bug fix, and enhancement update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/15/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-libs centos-upgrade-nodejs-libs-debuginfo centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CVE-2023-32006
  8. SUSE: CVE-2023-4368: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4368 CVE - 2023-4368
  9. Ubuntu: (Multiple Advisories) (CVE-2023-38289): LibTIFF vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/15/2023 Created 08/16/2023 Added 08/16/2023 Modified 05/13/2024 Description Deprecated Solution(s)
  10. SUSE: CVE-2023-4351: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4351 CVE - 2023-4351
  11. SUSE: CVE-2023-4362: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4362 CVE - 2023-4362
  12. SUSE: CVE-2023-4361: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4361 CVE - 2023-4361
  13. SUSE: CVE-2023-4357: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4357 CVE - 2023-4357
  14. SUSE: CVE-2023-4355: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4355 CVE - 2023-4355
  15. SUSE: CVE-2023-4353: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4353 CVE - 2023-4353
  16. Google Chrome Vulnerability: CVE-2023-2312 Use after free in Offline Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/23/2023 Added 08/23/2023 Modified 01/28/2025 Description Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-2312 CVE - 2023-2312
  17. Google Chrome Vulnerability: CVE-2023-4359 Inappropriate implementation in App Launcher Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/15/2023 Created 08/23/2023 Added 08/23/2023 Modified 01/28/2025 Description Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4359 CVE - 2023-4359
  18. Google Chrome Vulnerability: CVE-2023-4367 Insufficient policy enforcement in Extensions API Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/15/2023 Created 08/23/2023 Added 08/23/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4367 CVE - 2023-4367 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
  19. Ubuntu: USN-6313-1 (CVE-2023-38858): FAAD2 vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/15/2023 Created 08/31/2023 Added 08/31/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. Solution(s) ubuntu-pro-upgrade-faad ubuntu-pro-upgrade-libfaad-dev ubuntu-pro-upgrade-libfaad2 References https://attackerkb.com/topics/cve-2023-38858 CVE - 2023-38858 USN-6313-1
  20. Microsoft Edge Chromium: CVE-2023-4357 Insufficient validation of untrusted input in XML Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/22/2023 Added 08/22/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4357 CVE - 2023-4357 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4357
  21. FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-4349): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4349
  22. Alpine Linux: CVE-2023-38857: Out-of-bounds Write Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/15/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. Solution(s) alpine-linux-upgrade-faad2 References https://attackerkb.com/topics/cve-2023-38857 CVE - 2023-38857 https://security.alpinelinux.org/vuln/CVE-2023-38857
  23. Alpine Linux: CVE-2023-32006: Vulnerability in Multiple Components Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/15/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) alpine-linux-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-32006 CVE - 2023-32006 https://security.alpinelinux.org/vuln/CVE-2023-32006
  24. Alpine Linux: CVE-2023-32003: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/15/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) alpine-linux-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-32003 CVE - 2023-32003 https://security.alpinelinux.org/vuln/CVE-2023-32003
  25. Alpine Linux: CVE-2023-32004: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/15/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) alpine-linux-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-32004 CVE - 2023-32004 https://security.alpinelinux.org/vuln/CVE-2023-32004