Fedoraproject Fedora vulnerabilities

CVE-2023-4355 [HIGH] CWE-787 CVE-2023-4355: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4357 [HIGH] CWE-20 CVE-2023-4357: Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4351 [HIGH] CWE-416 CVE-2023-4351: Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4349 [HIGH] CWE-416 CVE-2023-4349: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote a Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-32006 [HIGH] CWE-693 CVE-2023-32006: The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is a

CVE-2023-4354 [HIGH] CWE-787 CVE-2023-4354: Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who h Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4352 [HIGH] CWE-843 CVE-2023-4352: Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentiall Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4353 [HIGH] CWE-787 CVE-2023-4353: Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to p Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4358 [HIGH] CWE-416 CVE-2023-4358: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potential Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4366 [HIGH] CWE-416 CVE-2023-4366: Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinc Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-32004 [HIGH] CWE-22 CVE-2023-32004: A vulnerability has been discovered in Node.js version 20, specifically within the experimental perm A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please n

CVE-2023-4356 [HIGH] CWE-416 CVE-2023-4356: Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has co Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4364 [MEDIUM] CVE-2023-4364: Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4365 [MEDIUM] CVE-2023-4365: Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4350 [MEDIUM] CVE-2023-4350: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowe Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4363 [MEDIUM] CVE-2023-4363: Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4360 [MEDIUM] CVE-2023-4360: Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attac Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4361 [MEDIUM] CVE-2023-4361: Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-32003 [MEDIUM] CWE-22 CVE-2023-32003: `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please

CVE-2023-4367 [MEDIUM] CVE-2023-4367: Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)