rpm package
opensuse/nodejs-electron&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweed
Vulnerabilities (125)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1284 | — | < 27.3.3-1.1 | 27.3.3-1.1 | Feb 6, 2024 | Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-0807 | — | < 27.3.1-1.1 | 27.3.1-1.1 | Jan 23, 2024 | Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-0517 | — | < 27.2.3-1.1 | 27.2.3-1.1 | Jan 16, 2024 | Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-0222 | — | < 27.2.2-1.1 | 27.2.2-1.1 | Jan 4, 2024 | Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-7024 | — | KEV | < 27.2.0-1.1 | 27.2.0-1.1 | Dec 21, 2023 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-6704 | — | < 27.2.1-1.1 | 27.2.1-1.1 | Dec 14, 2023 | Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High) | ||
| CVE-2023-6702 | — | < 27.2.1-1.1 | 27.2.1-1.1 | Dec 14, 2023 | Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-6508 | — | < 27.2.0-1.1 | 27.2.0-1.1 | Dec 6, 2023 | Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-6345 | — | KEV | < 27.1.3-1.1 | 27.1.3-1.1 | Nov 29, 2023 | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |
| CVE-2023-6350 | — | < 27.1.3-1.1 | 27.1.3-1.1 | Nov 29, 2023 | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | ||
| CVE-2023-6346 | — | < 27.1.3-1.1 | 27.1.3-1.1 | Nov 29, 2023 | Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-6347 | — | < 27.1.3-1.1 | 27.1.3-1.1 | Nov 29, 2023 | Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-38552 | — | < 25.9.1-2.1 | 25.9.1-2.1 | Oct 18, 2023 | When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability | ||
| CVE-2023-45143 | — | < 25.9.1-2.1 | 25.9.1-2.1 | Oct 12, 2023 | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be se | ||
| CVE-2023-5217 | — | KEV | < 25.8.4-2.1 | 25.8.4-2.1 | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-23623 | — | < 22.3.6-1.1 | 22.3.6-1.1 | Sep 6, 2023 | Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in re | ||
| CVE-2023-4763 | — | < 25.8.2-1.1 | 25.8.2-1.1 | Sep 5, 2023 | Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-4427 | — | < 22.3.23-1.1 | 22.3.23-1.1 | Aug 22, 2023 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-4355 | — | < 22.3.21-1.2 | 22.3.21-1.2 | Aug 15, 2023 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3732 | — | < 22.3.20-1.1 | 22.3.20-1.1 | Aug 1, 2023 | Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2024-1284Feb 6, 2024affected < 27.3.3-1.1fixed 27.3.3-1.1
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-0807Jan 23, 2024affected < 27.3.1-1.1fixed 27.3.1-1.1
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-0517Jan 16, 2024affected < 27.2.3-1.1fixed 27.2.3-1.1
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-0222Jan 4, 2024affected < 27.2.2-1.1fixed 27.2.2-1.1
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 27.2.0-1.1fixed 27.2.0-1.1
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-6704Dec 14, 2023affected < 27.2.1-1.1fixed 27.2.1-1.1
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
- CVE-2023-6702Dec 14, 2023affected < 27.2.1-1.1fixed 27.2.1-1.1
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-6508Dec 6, 2023affected < 27.2.0-1.1fixed 27.2.0-1.1
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 27.1.3-1.1fixed 27.1.3-1.1
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
- CVE-2023-6350Nov 29, 2023affected < 27.1.3-1.1fixed 27.1.3-1.1
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
- CVE-2023-6346Nov 29, 2023affected < 27.1.3-1.1fixed 27.1.3-1.1
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-6347Nov 29, 2023affected < 27.1.3-1.1fixed 27.1.3-1.1
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-38552Oct 18, 2023affected < 25.9.1-2.1fixed 25.9.1-2.1
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability
- CVE-2023-45143Oct 12, 2023affected < 25.9.1-2.1fixed 25.9.1-2.1
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be se
- affected < 25.8.4-2.1fixed 25.8.4-2.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-23623Sep 6, 2023affected < 22.3.6-1.1fixed 22.3.6-1.1
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in re
- CVE-2023-4763Sep 5, 2023affected < 25.8.2-1.1fixed 25.8.2-1.1
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-4427Aug 22, 2023affected < 22.3.23-1.1fixed 22.3.23-1.1
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-4355Aug 15, 2023affected < 22.3.21-1.2fixed 22.3.21-1.2
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3732Aug 1, 2023affected < 22.3.20-1.1fixed 22.3.20-1.1
Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 3 of 7