VYPR

rpm package

opensuse/nodejs-electron&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweed

Vulnerabilities (125)

  • CVE-2024-1284Feb 6, 2024
    affected < 27.3.3-1.1fixed 27.3.3-1.1

    Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-0807Jan 23, 2024
    affected < 27.3.1-1.1fixed 27.3.1-1.1

    Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-0517Jan 16, 2024
    affected < 27.2.3-1.1fixed 27.2.3-1.1

    Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-0222Jan 4, 2024
    affected < 27.2.2-1.1fixed 27.2.2-1.1

    Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-7024KEVDec 21, 2023
    affected < 27.2.0-1.1fixed 27.2.0-1.1

    Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-6704Dec 14, 2023
    affected < 27.2.1-1.1fixed 27.2.1-1.1

    Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)

  • CVE-2023-6702Dec 14, 2023
    affected < 27.2.1-1.1fixed 27.2.1-1.1

    Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-6508Dec 6, 2023
    affected < 27.2.0-1.1fixed 27.2.0-1.1

    Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-6345KEVNov 29, 2023
    affected < 27.1.3-1.1fixed 27.1.3-1.1

    Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

  • CVE-2023-6350Nov 29, 2023
    affected < 27.1.3-1.1fixed 27.1.3-1.1

    Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

  • CVE-2023-6346Nov 29, 2023
    affected < 27.1.3-1.1fixed 27.1.3-1.1

    Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-6347Nov 29, 2023
    affected < 27.1.3-1.1fixed 27.1.3-1.1

    Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-38552Oct 18, 2023
    affected < 25.9.1-2.1fixed 25.9.1-2.1

    When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability

  • CVE-2023-45143Oct 12, 2023
    affected < 25.9.1-2.1fixed 25.9.1-2.1

    Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be se

  • CVE-2023-5217KEVSep 28, 2023
    affected < 25.8.4-2.1fixed 25.8.4-2.1

    Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-23623Sep 6, 2023
    affected < 22.3.6-1.1fixed 22.3.6-1.1

    Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in re

  • CVE-2023-4763Sep 5, 2023
    affected < 25.8.2-1.1fixed 25.8.2-1.1

    Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4427Aug 22, 2023
    affected < 22.3.23-1.1fixed 22.3.23-1.1

    Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4355Aug 15, 2023
    affected < 22.3.21-1.2fixed 22.3.21-1.2

    Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-3732Aug 1, 2023
    affected < 22.3.20-1.1fixed 22.3.20-1.1

    Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 3 of 7