<vuln vid="3ee577a9-aad4-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>120.0.6099.199</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>120.0.6099.199</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html">
<p>This update includes 6 security fixes:</p>
<ul>
<li>[1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13</li>
<li>[1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24</li>
<li>[1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25</li>
<li>[1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0222</cvename>
<cvename>CVE-2024-0223</cvename>
<cvename>CVE-2024-0224</cvename>
<cvename>CVE-2024-0225</cvename>
<url>https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-01-03</discovery>
<entry>2024-01-04</entry>
</dates>
</vuln>
<vuln vid="d1b20e09-dbdf-432b-83c7-89f0af76324a">
<topic>electron27 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.2.1">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2023-6706.</li>
<li>Security: backported fix for CVE-2023-6705.</li>
<li>Security: backported fix for CVE-2023-6703.</li>
<li>Security: backported fix for CVE-2023-6702.</li>
<li>Security: backported fix for CVE-2023-6704.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6706</cvename>
<url>https://github.com/advisories/GHSA-jqrg-rvpw-5fw5</url>
<cvename>CVE-2023-6705</cvename>
<url>https://github.com/advisories/GHSA-h27f-fw5q-c2gh</url>
<cvename>CVE-2023-6703</cvename>
<url>https://github.com/advisories/GHSA-9v72-359m-2vx4</url>
<cvename>CVE-2023-6702</cvename>
<url>https://github.com/advisories/GHSA-7hjc-c62g-4w73</url>
<cvename>CVE-2023-6704</cvename>
<url>https://github.com/advisories/GHSA-587x-fmc5-99p9</url>
</references>
<dates>
<discovery>2024-01-04</discovery>
<entry>2024-01-04</entry>
</dates>
</vuln>
<vuln vid="0cee4f9c-5efb-4770-b917-f4e4569e8bec">
<topic>electron26 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron26</name>
<range><lt>26.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.4">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2023-6704.</li>
<li>Security: backported fix for CVE-2023-6705.</li>
<li>Security: backported fix for CVE-2023-6703.</li>
<li>Security: backported fix for CVE-2023-6702.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6704</cvename>
<url>https://github.com/advisories/GHSA-587x-fmc5-99p9</url>
<cvename>CVE-2023-6705</cvename>
<url>https://github.com/advisories/GHSA-h27f-fw5q-c2gh</url>
<cvename>CVE-2023-6703</cvename>
<url>https://github.com/advisories/GHSA-9v72-359m-2vx4</url>
<cvename>CVE-2023-6702</cvename>
<url>https://github.com/advisories/GHSA-7hjc-c62g-4w73</url>
</references>
<dates>
<discovery>2024-01-04</discovery>
<entry>2024-01-04</entry>
</dates>
</vuln>
<vuln vid="13d83980-9f18-11ee-8e38-002590c1f29c">
<topic>FreeBSD -- Prefix Truncation Attack in the SSH protocol</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.0</ge><lt>14.0_4</lt></range>
<range><ge>13.2</ge><lt>13.2_9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The SSH protocol executes an initial handshake between the
server and the client. This protocol handshake includes the
possibility of several extensions allowing different options to be
selected. Validation of the packets in the handshake is done through
sequence numbers.</p>
<h1>Impact:</h1>
<p>A man in the middle attacker can silently manipulate handshake
messages to truncate extension negotiation messages potentially
leading to less secure client authentication algorithms or deactivating
keystroke timing attack countermeasures.</p>
</body>
</description>
<references>
<cvename>CVE-2023-48795</cvename>
<freebsdsa>SA-23:19.openssh</freebsdsa>
</references>
<dates>
<discovery>2023-12-19</discovery>
<entry>2024-01-02</entry>
</dates>
</vuln>