All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-4068: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4068 CVE - 2023-4068
  2. Google Chrome Vulnerability: CVE-2023-4068 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4068 CVE - 2023-4068 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
  3. Google Chrome Vulnerability: CVE-2023-4076 Use after free in WebRTC Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4076 CVE - 2023-4076 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
  4. Gentoo Linux: CVE-2023-4078: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4078 CVE - 2023-4078 202311-11 202312-07 202401-34
  5. Gentoo Linux: CVE-2023-4068: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4068 CVE - 2023-4068 202311-11 202312-07 202401-34
  6. Gentoo Linux: CVE-2023-4069: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4069 CVE - 2023-4069 202311-11 202312-07 202401-34
  7. Gentoo Linux: CVE-2023-4070: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4070 CVE - 2023-4070 202311-11 202312-07 202401-34
  8. Gentoo Linux: CVE-2023-4071: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4071 CVE - 2023-4071 202311-11 202312-07 202401-34
  9. Gentoo Linux: CVE-2023-4072: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4072 CVE - 2023-4072 202311-11 202312-07 202401-34
  10. Gentoo Linux: CVE-2023-4073: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4073 CVE - 2023-4073 202311-11 202312-07 202401-34
  11. Gentoo Linux: CVE-2023-4074: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4074 CVE - 2023-4074 202311-11 202312-07 202401-34
  12. Gentoo Linux: CVE-2023-4075: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4075 CVE - 2023-4075 202311-11 202312-07 202401-34
  13. Red Hat: CVE-2023-4133: kernel: cxgb4: use-after-free in ch_flower_stats_cb() (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 05/24/2024 Added 05/23/2024 Modified 12/05/2024 Description A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-4133 RHSA-2024:2394 RHSA-2024:2950 RHSA-2024:3138
  14. Red Hat: CVE-2023-0118: Important: Satellite 6.13.3 Async Security Update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 08/03/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc 
redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite redhat-upgrade-satellite-branding redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References CVE-2023-0118
  15. Alma Linux: CVE-2023-4132: Important: kernel security, bug fix, and enhancement update (ALSA-2023-7077) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4132 CVE - 2023-4132 https://errata.almalinux.org/8/ALSA-2023-7077.html
  16. Amazon Linux 2023: CVE-2023-3823: Important priority package update for php8.2 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/03/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow unauthorized access to sensitive data and the potential for network scanning of internal and external infrastructure. 
Solution(s) amazon-linux-2023-upgrade-php8-1 amazon-linux-2023-upgrade-php8-1-bcmath amazon-linux-2023-upgrade-php8-1-bcmath-debuginfo amazon-linux-2023-upgrade-php8-1-cli amazon-linux-2023-upgrade-php8-1-cli-debuginfo amazon-linux-2023-upgrade-php8-1-common amazon-linux-2023-upgrade-php8-1-common-debuginfo amazon-linux-2023-upgrade-php8-1-dba amazon-linux-2023-upgrade-php8-1-dba-debuginfo amazon-linux-2023-upgrade-php8-1-dbg amazon-linux-2023-upgrade-php8-1-dbg-debuginfo amazon-linux-2023-upgrade-php8-1-debuginfo amazon-linux-2023-upgrade-php8-1-debugsource amazon-linux-2023-upgrade-php8-1-devel amazon-linux-2023-upgrade-php8-1-embedded amazon-linux-2023-upgrade-php8-1-embedded-debuginfo amazon-linux-2023-upgrade-php8-1-enchant amazon-linux-2023-upgrade-php8-1-enchant-debuginfo amazon-linux-2023-upgrade-php8-1-ffi amazon-linux-2023-upgrade-php8-1-ffi-debuginfo amazon-linux-2023-upgrade-php8-1-fpm amazon-linux-2023-upgrade-php8-1-fpm-debuginfo amazon-linux-2023-upgrade-php8-1-gd amazon-linux-2023-upgrade-php8-1-gd-debuginfo amazon-linux-2023-upgrade-php8-1-gmp amazon-linux-2023-upgrade-php8-1-gmp-debuginfo amazon-linux-2023-upgrade-php8-1-intl amazon-linux-2023-upgrade-php8-1-intl-debuginfo amazon-linux-2023-upgrade-php8-1-ldap amazon-linux-2023-upgrade-php8-1-ldap-debuginfo amazon-linux-2023-upgrade-php8-1-mbstring amazon-linux-2023-upgrade-php8-1-mbstring-debuginfo amazon-linux-2023-upgrade-php8-1-mysqlnd amazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-1-odbc amazon-linux-2023-upgrade-php8-1-odbc-debuginfo amazon-linux-2023-upgrade-php8-1-opcache amazon-linux-2023-upgrade-php8-1-opcache-debuginfo amazon-linux-2023-upgrade-php8-1-pdo amazon-linux-2023-upgrade-php8-1-pdo-debuginfo amazon-linux-2023-upgrade-php8-1-pgsql amazon-linux-2023-upgrade-php8-1-pgsql-debuginfo amazon-linux-2023-upgrade-php8-1-process amazon-linux-2023-upgrade-php8-1-process-debuginfo amazon-linux-2023-upgrade-php8-1-pspell 
amazon-linux-2023-upgrade-php8-1-pspell-debuginfo amazon-linux-2023-upgrade-php8-1-snmp amazon-linux-2023-upgrade-php8-1-snmp-debuginfo amazon-linux-2023-upgrade-php8-1-soap amazon-linux-2023-upgrade-php8-1-soap-debuginfo amazon-linux-2023-upgrade-php8-1-tidy amazon-linux-2023-upgrade-php8-1-tidy-debuginfo amazon-linux-2023-upgrade-php8-1-xml amazon-linux-2023-upgrade-php8-1-xml-debuginfo amazon-linux-2023-upgrade-php8-2 amazon-linux-2023-upgrade-php8-2-bcmath amazon-linux-2023-upgrade-php8-2-bcmath-debuginfo amazon-linux-2023-upgrade-php8-2-cli amazon-linux-2023-upgrade-php8-2-cli-debuginfo amazon-linux-2023-upgrade-php8-2-common amazon-linux-2023-upgrade-php8-2-common-debuginfo amazon-linux-2023-upgrade-php8-2-dba amazon-linux-2023-upgrade-php8-2-dba-debuginfo amazon-linux-2023-upgrade-php8-2-dbg amazon-linux-2023-upgrade-php8-2-dbg-debuginfo amazon-linux-2023-upgrade-php8-2-debuginfo amazon-linux-2023-upgrade-php8-2-debugsource amazon-linux-2023-upgrade-php8-2-devel amazon-linux-2023-upgrade-php8-2-embedded amazon-linux-2023-upgrade-php8-2-embedded-debuginfo amazon-linux-2023-upgrade-php8-2-enchant amazon-linux-2023-upgrade-php8-2-enchant-debuginfo amazon-linux-2023-upgrade-php8-2-ffi amazon-linux-2023-upgrade-php8-2-ffi-debuginfo amazon-linux-2023-upgrade-php8-2-fpm amazon-linux-2023-upgrade-php8-2-fpm-debuginfo amazon-linux-2023-upgrade-php8-2-gd amazon-linux-2023-upgrade-php8-2-gd-debuginfo amazon-linux-2023-upgrade-php8-2-gmp amazon-linux-2023-upgrade-php8-2-gmp-debuginfo amazon-linux-2023-upgrade-php8-2-intl amazon-linux-2023-upgrade-php8-2-intl-debuginfo amazon-linux-2023-upgrade-php8-2-ldap amazon-linux-2023-upgrade-php8-2-ldap-debuginfo amazon-linux-2023-upgrade-php8-2-mbstring amazon-linux-2023-upgrade-php8-2-mbstring-debuginfo amazon-linux-2023-upgrade-php8-2-mysqlnd amazon-linux-2023-upgrade-php8-2-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-2-odbc amazon-linux-2023-upgrade-php8-2-odbc-debuginfo amazon-linux-2023-upgrade-php8-2-opcache 
amazon-linux-2023-upgrade-php8-2-opcache-debuginfo amazon-linux-2023-upgrade-php8-2-pdo amazon-linux-2023-upgrade-php8-2-pdo-debuginfo amazon-linux-2023-upgrade-php8-2-pgsql amazon-linux-2023-upgrade-php8-2-pgsql-debuginfo amazon-linux-2023-upgrade-php8-2-process amazon-linux-2023-upgrade-php8-2-process-debuginfo amazon-linux-2023-upgrade-php8-2-pspell amazon-linux-2023-upgrade-php8-2-pspell-debuginfo amazon-linux-2023-upgrade-php8-2-snmp amazon-linux-2023-upgrade-php8-2-snmp-debuginfo amazon-linux-2023-upgrade-php8-2-soap amazon-linux-2023-upgrade-php8-2-soap-debuginfo amazon-linux-2023-upgrade-php8-2-tidy amazon-linux-2023-upgrade-php8-2-tidy-debuginfo amazon-linux-2023-upgrade-php8-2-xml amazon-linux-2023-upgrade-php8-2-xml-debuginfo References https://attackerkb.com/topics/cve-2023-3823 CVE - 2023-3823 https://alas.aws.amazon.com/AL2023/ALAS-2023-324.html https://alas.aws.amazon.com/AL2023/ALAS-2023-325.html
  17. FreeBSD: (Multiple Advisories) (CVE-2023-4073): electron25 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/05/2023 Modified 01/28/2025 Description Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron25 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4073
  18. SUSE: CVE-2023-4072: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4072 CVE - 2023-4072
  19. Google Chrome Vulnerability: CVE-2023-4077 Insufficient data validation in Extensions Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4077 CVE - 2023-4077 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
  20. SUSE: CVE-2023-4076: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4076 CVE - 2023-4076
  21. Google Chrome Vulnerability: CVE-2023-4072 Out of bounds read and write in WebGL Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4072 CVE - 2023-4072 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
  22. Oracle Linux: CVE-2023-4194: ELSA-2023-6583:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/03/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/29/2024 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194 ELSA-2023-6583
  23. Microsoft Edge Chromium: CVE-2023-4072 Out of bounds read and write in WebGL Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4072 CVE - 2023-4072 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072
  24. Microsoft Edge Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4074 CVE - 2023-4074 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074
  25. Microsoft Edge Chromium: CVE-2023-4071 Heap buffer overflow in Visuals Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4071 CVE - 2023-4071 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071