rpm package
opensuse/nodejs-electron&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweed
Vulnerabilities (125)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-6291 | — | < 30.2.0-1.1 | 30.2.0-1.1 | Jun 24, 2024 | Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-6100 | — | < 29.4.3-1.1 | 29.4.3-1.1 | Jun 19, 2024 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5499 | — | < 29.4.3-1.1 | 29.4.3-1.1 | May 30, 2024 | Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5493 | — | < 30.2.0-1.1 | 30.2.0-1.1 | May 30, 2024 | Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-5158 | — | < 29.4.3-1.1 | 29.4.3-1.1 | May 22, 2024 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-4558 | — | < 29.3.3-1.1 | 29.3.3-1.1 | May 7, 2024 | Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-4058 | — | < 29.3.2~20240430g19f0abd6-1.1 | 29.3.2~20240430g19f0abd6-1.1 | May 1, 2024 | Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2024-3914 | — | < 29.3.3-1.1 | 29.3.3-1.1 | Apr 17, 2024 | Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-3516 | — | < 29.3.1-1.1 | 29.3.1-1.1 | Apr 10, 2024 | Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-3159 | — | < 28.3.0-1.1 | 28.3.0-1.1 | Apr 6, 2024 | Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-30260 | — | < 28.2.10-2.1 | 28.2.10-2.1 | Apr 4, 2024 | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | ||
| CVE-2024-30261 | — | < 28.2.10-3.1 | 28.2.10-3.1 | Apr 4, 2024 | Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | ||
| CVE-2024-2887 | — | < 28.2.10-1.1 | 28.2.10-1.1 | Mar 26, 2024 | Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-2886 | — | < 28.2.10-1.1 | 28.2.10-1.1 | Mar 26, 2024 | Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-2883 | — | < 28.2.10-1.1 | 28.2.10-1.1 | Mar 26, 2024 | Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2024-2625 | — | < 28.2.9-1.1 | 28.2.9-1.1 | Mar 20, 2024 | Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-22017 | Hig | 7.3 | < 29.4.0-1.1 | 29.4.0-1.1 | Mar 19, 2024 | setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users us | |
| CVE-2024-2173 | — | < 28.2.7-1.1 | 28.2.7-1.1 | Mar 6, 2024 | Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-1670 | — | < 28.2.5-1.1 | 28.2.5-1.1 | Feb 21, 2024 | Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-1283 | — | < 27.3.3-1.1 | 27.3.3-1.1 | Feb 6, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2024-6291Jun 24, 2024affected < 30.2.0-1.1fixed 30.2.0-1.1
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-6100Jun 19, 2024affected < 29.4.3-1.1fixed 29.4.3-1.1
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5499May 30, 2024affected < 29.4.3-1.1fixed 29.4.3-1.1
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5493May 30, 2024affected < 30.2.0-1.1fixed 30.2.0-1.1
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5158May 22, 2024affected < 29.4.3-1.1fixed 29.4.3-1.1
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-4558May 7, 2024affected < 29.3.3-1.1fixed 29.3.3-1.1
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-4058May 1, 2024affected < 29.3.2~20240430g19f0abd6-1.1fixed 29.3.2~20240430g19f0abd6-1.1
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2024-3914Apr 17, 2024affected < 29.3.3-1.1fixed 29.3.3-1.1
Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-3516Apr 10, 2024affected < 29.3.1-1.1fixed 29.3.1-1.1
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-3159Apr 6, 2024affected < 28.3.0-1.1fixed 28.3.0-1.1
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-30260Apr 4, 2024affected < 28.2.10-2.1fixed 28.2.10-2.1
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
- CVE-2024-30261Apr 4, 2024affected < 28.2.10-3.1fixed 28.2.10-3.1
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
- CVE-2024-2887Mar 26, 2024affected < 28.2.10-1.1fixed 28.2.10-1.1
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-2886Mar 26, 2024affected < 28.2.10-1.1fixed 28.2.10-1.1
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-2883Mar 26, 2024affected < 28.2.10-1.1fixed 28.2.10-1.1
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2024-2625Mar 20, 2024affected < 28.2.9-1.1fixed 28.2.9-1.1
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 29.4.0-1.1fixed 29.4.0-1.1
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users us
- CVE-2024-2173Mar 6, 2024affected < 28.2.7-1.1fixed 28.2.7-1.1
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-1670Feb 21, 2024affected < 28.2.5-1.1fixed 28.2.5-1.1
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-1283Feb 6, 2024affected < 27.3.3-1.1fixed 27.3.3-1.1
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 2 of 7