Search Results (120836 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4359 4 Apple, Debian, Fedoraproject and 1 more 4 Iphone Os, Debian Linux, Fedora and 1 more 2025-02-13 5.3 Medium
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4357 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4356 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4353 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4351 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4350 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2025-02-13 6.5 Medium
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4349 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-42787 1 Fortinet 2 Fortianalyzer, Fortimanager 2025-02-13 6.2 Medium
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.
CVE-2024-13830 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-13 6.1 Medium
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2023-41834 1 Apache 1 Flink Stateful Functions 2025-02-13 6.1 Medium
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
CVE-2023-4076 1 Google 1 Chrome 2025-02-13 8.8 High
Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)
CVE-2023-4075 1 Google 1 Chrome 2025-02-13 8.8 High
Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4074 1 Google 1 Chrome 2025-02-13 8.8 High
Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4073 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2025-02-13 8.8 High
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4072 1 Google 1 Chrome 2025-02-13 8.8 High
Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4071 1 Google 1 Chrome 2025-02-13 8.8 High
Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4070 1 Google 1 Chrome 2025-02-13 8.1 High
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4069 1 Google 1 Chrome 2025-02-13 8.8 High
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4068 1 Google 1 Chrome 2025-02-13 8.1 High
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2023-40576 1 Freerdp 1 Freerdp 2025-02-13 5.3 Medium
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.