Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362
Vulnerabilities
CVE-2023-4362 | HIGH | CVSS 8.8 | CWE-787 | v11.0, v12.0 | 2023-08-15
Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4349 | HIGH | CVSS 8.8 | CWE-416 | v11.0, v12.0 | 2023-08-15
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4354 | HIGH | CVSS 8.8 | CWE-787 | v11.0, v12.0 | 2023-08-15
Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4352 | HIGH | CVSS 8.8 | CWE-843 | v11.0, v12.0 | 2023-08-15
Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4353 | HIGH | CVSS 8.8 | CWE-787 | v11.0, v12.0 | 2023-08-15
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4358 | HIGH | CVSS 8.8 | CWE-416 | v11.0, v12.0 | 2023-08-15
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4368 | HIGH | CVSS 8.8 | v11.0, v12.0 | 2023-08-15
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4366 | HIGH | CVSS 8.8 | CWE-416 | v11.0, v12.0 | 2023-08-15
Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4356 | HIGH | CVSS 8.8 | CWE-416 | v11.0, v12.0 | 2023-08-15
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4364 | MEDIUM | CVSS 4.3 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4365 | MEDIUM | CVSS 4.3 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4350 | MEDIUM | CVSS 6.5 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4363 | MEDIUM | CVSS 4.3 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4360 | MEDIUM | CVSS 4.3 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4361 | MEDIUM | CVSS 5.3 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4367 | MEDIUM | CVSS 6.5 | v11.0, v12.0 | 2023-08-15
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4359 | MEDIUM | CVSS 5.3 | v11.0, v12.0 | 2023-08-15
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-40283 | HIGH | CVSS 7.8 | CWE-416 | v10.0, v11.0, +1 more | 2023-08-14
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
nvd
CVE-2023-3824 | CRITICAL | CVSS 9.8 | CWE-119 | v10.0 | 2023-08-11
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
nvd
CVE-2023-39534 | HIGH | CVSS 7.5 | CWE-617 | v11.0, v12.0 | 2023-08-11
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
nvd