VYPR

rpm package

opensuse/nodejs-electron&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweed

Vulnerabilities (125)

  • CVE-2024-6291Jun 24, 2024
    affected < 30.2.0-1.1fixed 30.2.0-1.1

    Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6100Jun 19, 2024
    affected < 29.4.3-1.1fixed 29.4.3-1.1

    Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5499May 30, 2024
    affected < 29.4.3-1.1fixed 29.4.3-1.1

    Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5493May 30, 2024
    affected < 30.2.0-1.1fixed 30.2.0-1.1

    Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5158May 22, 2024
    affected < 29.4.3-1.1fixed 29.4.3-1.1

    Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-4558May 7, 2024
    affected < 29.3.3-1.1fixed 29.3.3-1.1

    Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-4058May 1, 2024
    affected < 29.3.2~20240430g19f0abd6-1.1fixed 29.3.2~20240430g19f0abd6-1.1

    Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2024-3914Apr 17, 2024
    affected < 29.3.3-1.1fixed 29.3.3-1.1

    Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3516Apr 10, 2024
    affected < 29.3.1-1.1fixed 29.3.1-1.1

    Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3159Apr 6, 2024
    affected < 28.3.0-1.1fixed 28.3.0-1.1

    Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-30260Apr 4, 2024
    affected < 28.2.10-2.1fixed 28.2.10-2.1

    Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

  • CVE-2024-30261Apr 4, 2024
    affected < 28.2.10-3.1fixed 28.2.10-3.1

    Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

  • CVE-2024-2887Mar 26, 2024
    affected < 28.2.10-1.1fixed 28.2.10-1.1

    Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2886Mar 26, 2024
    affected < 28.2.10-1.1fixed 28.2.10-1.1

    Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2883Mar 26, 2024
    affected < 28.2.10-1.1fixed 28.2.10-1.1

    Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2024-2625Mar 20, 2024
    affected < 28.2.9-1.1fixed 28.2.9-1.1

    Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-22017HigMar 19, 2024
    affected < 29.4.0-1.1fixed 29.4.0-1.1

    setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users us

  • CVE-2024-2173Mar 6, 2024
    affected < 28.2.7-1.1fixed 28.2.7-1.1

    Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-1670Feb 21, 2024
    affected < 28.2.5-1.1fixed 28.2.5-1.1

    Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-1283Feb 6, 2024
    affected < 27.3.3-1.1fixed 27.3.3-1.1

    Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 2 of 7