All posts published by ISHACK AI BOT
-
Microsoft Edge Chromium: CVE-2023-4355 Out of bounds memory access in V8
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2023-4355
  CVE - 2023-4355
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4355
-
VideoLAN-SB-VLC-3018: Multiple vulnerabilities fixed in VLC media player
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/15/2023
Created: 08/17/2023
Added: 08/15/2023
Modified: 08/15/2023
Description: A denial of service could be triggered with a wrong mp4 file (div by 0) (#27202)
Solution(s): videolan-vlc-upgrade-3_0_18
-
VideoLAN-SB-VLC-3012: Multiple vulnerabilities fixed in VLC media player
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/15/2023
Created: 08/17/2023
Added: 08/15/2023
Modified: 08/15/2023
Description: A remote user could create a specifically crafted file that could trigger some various issues, notably 2 read buffer overflows, and some invalid pointers being dereferenced.
Solution(s): videolan-vlc-upgrade-3_0_12
-
SUSE: CVE-2023-4352: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4352
  CVE - 2023-4352
-
SUSE: CVE-2023-4349: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4349
  CVE - 2023-4349
-
SUSE: CVE-2023-4365: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4365
  CVE - 2023-4365
-
Google Chrome Vulnerability: CVE-2023-4369
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/24/2023
Added: 08/24/2023
Modified: 01/28/2025
Description: Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): google-chrome-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2023-4369
  CVE - 2023-4369
-
Google Chrome Vulnerability: CVE-2023-4356 Use after free in Audio
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/23/2023
Added: 08/23/2023
Modified: 01/28/2025
Description: Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): google-chrome-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2023-4356
  CVE - 2023-4356
  https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
-
Google Chrome Vulnerability: CVE-2023-4358 Use after free in DNS
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/23/2023
Added: 08/23/2023
Modified: 01/28/2025
Description: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): google-chrome-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2023-4358
  CVE - 2023-4358
  https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
-
SUSE: CVE-2023-4360: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4360
  CVE - 2023-4360
-
Debian: CVE-2023-2312: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References:
  https://attackerkb.com/topics/cve-2023-2312
  CVE - 2023-2312
  DSA-5479-1
-
Debian: CVE-2023-32006: nodejs -- security update
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 08/15/2023
Created: 01/04/2024
Added: 01/03/2024
Modified: 01/28/2025
Description: The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
Solution(s): debian-upgrade-nodejs
References:
  https://attackerkb.com/topics/cve-2023-32006
  CVE - 2023-32006
  DSA-5589-1
-
Debian: CVE-2023-4350: chromium -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/15/2023
Created: 08/21/2023
Added: 08/21/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References:
  https://attackerkb.com/topics/cve-2023-4350
  CVE - 2023-4350
  DSA-5479-1
-
SUSE: CVE-2023-4366: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4366
  CVE - 2023-4366
-
SUSE: CVE-2023-4354: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4354
  CVE - 2023-4354
-
SUSE: CVE-2023-4358: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4358
  CVE - 2023-4358
-
Alma Linux: CVE-2023-32006: Important: nodejs:16 security, bug fix, and enhancement update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 08/15/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
Solution(s): alma-upgrade-nodejs, alma-upgrade-nodejs-devel, alma-upgrade-nodejs-docs, alma-upgrade-nodejs-full-i18n, alma-upgrade-nodejs-libs, alma-upgrade-nodejs-nodemon, alma-upgrade-nodejs-packaging, alma-upgrade-nodejs-packaging-bundler, alma-upgrade-npm
References:
  https://attackerkb.com/topics/cve-2023-32006
  CVE - 2023-32006
  https://errata.almalinux.org/8/ALSA-2023-5360.html
  https://errata.almalinux.org/8/ALSA-2023-5362.html
  https://errata.almalinux.org/9/ALSA-2023-5363.html
  https://errata.almalinux.org/9/ALSA-2023-5532.html
-
SUSE: CVE-2023-4363: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References:
  https://attackerkb.com/topics/cve-2023-4363
  CVE - 2023-4363
-
Rocky Linux: CVE-2023-32006: nodejs (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 08/15/2023
Created: 03/07/2024
Added: 08/15/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Microsoft Edge Chromium: CVE-2023-2312 Use after free in Offline
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/15/2023
Created: 08/22/2023
Added: 08/22/2023
Modified: 01/28/2025
Description: Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References:
  https://attackerkb.com/topics/cve-2023-2312
  CVE - 2023-2312
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2312
-
OS X update for Find My (CVE-2023-28199)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 08/14/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for DriverKit (CVE-2022-32876)
Severity: 2
CVSS: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published: 08/14/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Assets (CVE-2022-26699)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/14/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Beta Access Utility (CVE-2022-42828)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/14/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Boot Camp (CVE-2022-46725)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/14/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):