A piñata of patches for Microsoft in August

Credit to Author: Angela Gunn| Date: Wed, 09 Aug 2023 18:28:41 +0000

Microsoft on Tuesday released patches for 73 vulnerabilities, including 3 critical-severity issues in Windows, 2 in Teams, and one in Office. As usual, the largest number of addressed vulnerabilities affect Windows, with 35 CVEs. Office is next in line with 9 issues including one shared with Visual Studio, followed by Azure (7); Exchange (6); .NET (6, including three shared with Visual Studio and .ASP); SharePoint (4); Dynamics 365 and Teams (2 each); and Defender, HEVC Video Extensions, and SQL Server (one each). There are three advisories in this month’s release, and it also includes information on 30 patches for Adobe Acrobat Reader, 12 flaws in Edge/Chromium, and one in GitHub. There is, in addition, information on CVE-2023-20569, the side-channel issue announced today by AMD and affecting multiple CPUs from that manufacturer.

At patch time, two issues are known to be under exploit in the wild. The first, CVE-2023-38180, is a denial-of-service vulnerability affecting .NET, Visual Studio, and .ASP; it requires neither privileges nor user interaction. The other is addressed in a Defense in Depth advisory, ADV230003; this update blocks the attack chain leading to the CVE-2023-36884 vulnerability patched last month. An additional 8 vulnerabilities in Windows, .NET, Visual Studio, and Exchange are by the company’s estimation more likely to be exploited in the 30 days following this release. Four of those 8 issues are kernel vulnerabilities.

Microsoft once again this month offered no guidance overview on exploitation likelihood in earlier versions versus latest versions for any of their patches.

The AMD patch is interesting, since though the flaw is in AMD’s hardware, fixing it requires a Windows update. Microsoft includes information on it so sysadmins are aware that the latest builds of Windows enable the mitigation, and also to provide links to Microsoft’s own Knowledge Base articles for client and Server / Azure Stack HCI customers, and to Microsoft information for those running VMs in Azure. Information available so far indicates that the issue is not under active attack and may not be exploitable remotely.

We are including at the end of this post three appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family. As per Microsoft’s guidance we’ll treat the patches and advisories for Adobe Acrobat Reader, AMD, Chromium / Edge, and GitHub as information-only in the following charts and totals, though we’ve added a chart at the end of the post providing basic information on all 44.

By the numbers

  • Total Microsoft CVEs: 73
  • Total advisories shipping in update: 3
  • Publicly disclosed: 2
  • Exploited: 2
  • Severity
    • Critical: 6
    • Important: 67
  • Impact
    • Remote Code Execution: 23
    • Elevation of Privilege: 18
    • Spoofing: 12
    • Information Disclosure: 9
    • Denial of Service: 8
    • Security Feature Bypass: 3

Bar chart showing severity and impact numbers covered in text

Figure 1: Remote code execution issues once again top the charts in August, but spoofing issues in Azure and other products play a big part in the numbers

Products

  • Windows: 35
  • Office: 8 (including one shared with Visual Studio)
  • Azure: 7
  • .NET: 6 (including two shared with .ASP and three shared with Visual Studio)
  • Exchange: 6
  • SharePoint: 4
  • Visual Studio: 4 (two shared with .NET, one shared with .NET and .ASP, one shared with office)
  • .ASP: 2 (shared with .NET)
  • Dynamics 365: 2
  • Teams: 2
  • Defender: 1
  • HEVC Video Extensions: 1
  • SQL Server: 1

Another bar chart showing patch distribution by product family

Figure 2: Windows accounts for just under half of this month’s patches, with 13 families represented

Notable August updates

In addition to the AMD patch discussed above, a few interesting items present themselves.

ADV230003 – Microsoft Office Defense in Depth Update
ADV230004 – Memory Integrity System Readiness Scan Tool
ADV990001 – Latest Servicing Stack Updates

There are three advisories this month, and Microsoft describes all three as defense-in-depth issues of moderate severity, as is the custom. However, the first two on the list (ADV230003, ADV230004) both address publicly disclosed issues, with ADV230003 under active exploit in the wild as noted above. The other affects Microsoft’s Memory Integrity System Readiness Scan Tool, which checks compatibility in hypervisor code for ARM64 and AMD64 processors and is also sometimes called HVCI. The third is of course the regularly updated servicing stack, which is always a good choice for prioritized installation.

CVE-2023-38180 – .NET and Visual Studio Denial of Service Vulnerability

More .NET / VS / .ASP excitement, this bug affects versions 17.2, 17.4, and 17.6 of VS 2022 along with versions 6.0 and 7.0 of .NET Core. Despite the CVE’s title, .ASP.NET Core 2 is also affected. As noted above, it was recently found to be under active exploit.

CVE-2023-36895 – Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-36896 – Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-35371 – Microsoft Office Remote Code Execution Vulnerability

All these issues – the Outlook bug Critical-class, the Office bug Important-class – affect Mac users, but those versions of the patches weren’t made available immediately. Administrators of affected systems are encouraged to monitor Microsoft communications for updates to the individual CVEs (CVE-2023-36895, CVE-2023-36896, CVE-2023-35371).

CVE-2023-36876 – Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-35379 – Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability

Running Windows Server 2008 R2 x64 pack 1, a package old enough to enter middle school this year? These two updates are specifically for you (and no other version of Windows). Both are marked as Important-class elevation of privilege issues, though the wording of the information on the former (“an attacker who successfully exploits this vulnerability cannot access existing files but can write or overwrite file contents, which potentially may cause the system to become unavailable”) sounds very DoS-like in a way.

CVE-2023-35380 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35382 – Windows Kernel Elevation of Privilege Vulnerability

These two elevation-of-privilege issues share a name and a warning that they’re more likely to be exploited in the 30 days following patch release. However, a reading of the information provided shows a small silver lining: Both require local access to the targeted machine. (Once touching the keyboard, though, the would-be attacker would exploit this by creating folders and performance trace on the box, both of which require privileges users have by default. We said it was a small silver lining.)

A bar chart with the cumulative patch totals for 2023 so far

Figure 3: The cumulative 2023 total through August’s Patch Tuesday. It may not feel like it, but 2023 to date is a far lighter year than 2022 according to our numbers. At this point in 2022, Microsoft had released 690 patches, including 52 Critical-class patches. Elevation of Privilege led the list with 274 patches. In contrast, this year’s total patch load has been 491 patches, including 60 Critical-class; Remote Control Execution issues lead the pack with 234

Sophos protections

 

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of August’s patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (23 CVEs)

Critical severity
CVE-2023-29328Microsoft Teams Remote Code Execution Vulnerability
CVE-2023-29330Microsoft Teams Remote Code Execution Vulnerability
CVE-2023-35385Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36895Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-36910Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36911Microsoft Message Queuing Remote Code Execution Vulnerability
Important severity
CVE-2023-35368Microsoft Exchange Remote Code Execution Vulnerability
CVE-2023-35371Microsoft Office Remote Code Execution Vulnerability
CVE-2023-35372Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-35381Windows Fax Service Remote Code Execution Vulnerability
CVE-2023-35388Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-35389Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2023-35390.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-36865Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36866Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36882Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36896Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36898Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-38169Microsoft OLE DB Remote Code Execution Vulnerability
CVE-2023-38170HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2023-38182Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38184Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-38185Microsoft Exchange Server Remote Code Execution Vulnerability

 

Elevation of Privilege (18 CVEs)

Important severity
CVE-2023-21709Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-35359Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35378Windows Projected File System Elevation of Privilege Vulnerability
CVE-2023-35379Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
CVE-2023-35380Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35382Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35386Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35387Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
CVE-2023-36876Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-36899ASP.NET Elevation of Privilege Vulnerability
CVE-2023-36900Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36903Windows System Assessment Tool Elevation of Privilege Vulnerability
CVE-2023-36904Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-38154Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-38167Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability
CVE-2023-38175Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-38176Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
CVE-2023-38186Windows Mobile Device Management Elevation of Privilege Vulnerability

 

Spoofing (12 CVEs)

Important severity
CVE-2023-35393Azure Apache Hive Spoofing Vulnerability
CVE-2023-35394Azure HDInsight Jupyter Notebook Spoofing Vulnerability
CVE-2023-36869Azure DevOps Server Spoofing Vulnerability
CVE-2023-36873.NET Framework Spoofing Vulnerability
CVE-2023-36877Azure Apache Oozie Spoofing Vulnerability
CVE-2023-36881Azure Apache Ambari Spoofing Vulnerability
CVE-2023-36891Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36892Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36893Microsoft Outlook Spoofing Vulnerability
CVE-2023-36897Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-38181Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38188Azure Apache Hadoop Spoofing Vulnerability

 

Information Disclosure (9 CVEs)

Important severity
CVE-2023-35383Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-35391ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVE-2023-36890Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36894Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36905Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2023-36906Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36907Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36908Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36913Microsoft Message Queuing Information Disclosure Vulnerability

 

Denial of Service (8 CVEs)

Important severity
CVE-2023-35376Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35377Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36909Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36912Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38172Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38178.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38254Microsoft Message Queuing Denial of Service Vulnerability

 

Security Feature Bypass (3 CVEs)

Important severity
CVE-2023-35384Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2023-36889Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-36914Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

 

Appendix B: Exploitability

This is a list of the August CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release, as well as those already known to be under exploit. Each list is further arranged by CVE. (As a reminder, ADV230003, an advisory, is also known to be under active exploit as discussed above.)

Exploitation detected
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability
Exploitation more likely
CVE-2023-35359Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35380Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35382Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35384Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2023-35386Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35388Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36900Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-38182Microsoft Exchange Server Remote Code Execution Vulnerability

 

 Appendix C: Products Affected

This is a list of August’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE.

Windows (35 CVEs)

Critical severity
CVE-2023-35385Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36910Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36911Microsoft Message Queuing Remote Code Execution Vulnerability
Important severity
CVE-2023-35359Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35376Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35377Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35378Windows Projected File System Elevation of Privilege Vulnerability
CVE-2023-35379Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
CVE-2023-35380Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35381Windows Fax Service Remote Code Execution Vulnerability
CVE-2023-35382Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35383Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-35384Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2023-35386Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35387Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
CVE-2023-36876Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-36882Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36889Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-36898Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36900Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36903Windows System Assessment Tool Elevation of Privilege Vulnerability
CVE-2023-36904Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36905Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2023-36906Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36907Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36908Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36909Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36912Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36913Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-36914Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
CVE-2023-38154Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-38172Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38184Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-38186Windows Mobile Device Management Elevation of Privilege Vulnerability
CVE-2023-38254Microsoft Message Queuing Denial of Service Vulnerability

 

Office (8 CVEs)

Critical severity
CVE-2023-36895Microsoft Outlook Remote Code Execution Vulnerability
Important severity
CVE-2023-35371Microsoft Office Remote Code Execution Vulnerability
CVE-2023-35372Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36865Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36866Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36893Microsoft Outlook Spoofing Vulnerability
CVE-2023-36896Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36897Visual Studio Tools for Office Runtime Spoofing Vulnerability

 

Azure (7 CVEs)

Important severity
CVE-2023-38176Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
CVE-2023-36869Azure DevOps Server Spoofing Vulnerability
CVE-2023-35393Azure Apache Hive Spoofing Vulnerability
CVE-2023-35394Azure HDInsight Jupyter Notebook Spoofing Vulnerability
CVE-2023-36877Azure Apache Oozie Spoofing Vulnerability
CVE-2023-36881Azure Apache Ambari Spoofing Vulnerability
CVE-2023-38188Azure Apache Hadoop Spoofing Vulnerability

 

.NET (6 CVEs)

Important severity
CVE-2023-35390.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-36873.NET Framework Spoofing Vulnerability
CVE-2023-36899ASP.NET Elevation of Privilege Vulnerability
CVE-2023-38178.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-35391ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability

 

Exchange (6 CVEs)

Important severity
CVE-2023-21709Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-35368Microsoft Exchange Remote Code Execution Vulnerability
CVE-2023-35388Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38181Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38182Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38185Microsoft Exchange Server Remote Code Execution Vulnerability

 

SharePoint (4 CVEs)

Important severity
CVE-2023-36890Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36891Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36892Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36894Microsoft SharePoint Server Information Disclosure Vulnerability

 

Visual Studio (4 CVEs)

Important severity
CVE-2023-35391ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVE-2023-36897Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-38178.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability

 

.ASP (2 CVEs)

Important severity
CVE-2023-35391ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability

 

Dynamics 365 (2 CVE)

Important severity
CVE-2023-35389Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2023-38167Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability

 

Teams (2 CVE)

Critical severity
CVE-2023-29328Microsoft Teams Remote Code Execution Vulnerability
CVE-2023-29330Microsoft Teams Remote Code Execution Vulnerability

 

Defender (1 CVE)

Important severity
CVE-2023-38175Microsoft Windows Defender Elevation of Privilege Vulnerability

 

HEVC Video Extensions (1 CVE)

Important severity
CVE-2023-38170HEVC Video Extensions Remote Code Execution Vulnerability

 

SQL Server (1 CVE)

Important severity
CVE-2023-38169Microsoft OLE DB Remote Code Execution Vulnerability

 

Appendix D: Other Products

This is a list of advisories and third-party patches covered in the August Microsoft release, sorted by product group.

Adobe Acrobat Reader (30 issues)

CVE-2023-29303Use After Free (CWE-416)
CVE-2023-29299Improper Input Validation (CWE-20)
CVE-2023-29320Improper Access Control (CWE-284)
CVE-2023-38222Use After Free (CWE-416)
CVE-2023-38223Access of Uninitialized Pointer (CWE-824)
CVE-2023-38224Use After Free (CWE-416)
CVE-2023-38225Use After Free (CWE-416)
CVE-2023-38226Access of Uninitialized Pointer (CWE-824)
CVE-2023-38227Use After Free (CWE-416)
CVE-2023-38228Use After Free (CWE-416)
CVE-2023-38229Out-of-bounds Read (CWE-125)
CVE-2023-38230Use After Free (CWE-416)
CVE-2023-38231Out-of-bounds Write (CWE-787)
CVE-2023-38232Out-of-bounds Read (CWE-125)
CVE-2023-38233Out-of-bounds Write (CWE-787)
CVE-2023-38234Access of Uninitialized Pointer (CWE-824)
CVE-2023-38235Out-of-bounds Read (CWE-125)
CVE-2023-38236Out-of-bounds Read (CWE-125)
CVE-2023-38237Out-of-bounds Read (CWE-125)
CVE-2023-38238Use After Free (CWE-416)
CVE-2023-38239Out-of-bounds Read (CWE-125)
CVE-2023-38240Out-of-bounds Read (CWE-125)
CVE-2023-38241Out-of-bounds Read (CWE-125)
CVE-2023-38242Out-of-bounds Read (CWE-125)
CVE-2023-38243Use After Free (CWE-416)
CVE-2023-38244Out-of-bounds Read (CWE-125)
CVE-2023-38245Improper Input Validation (CWE-20)
CVE-2023-38246Access of Uninitialized Pointer (CWE-824)
CVE-2023-38247Out-of-bounds Read (CWE-125)
CVE-2023-38248Out-of-bounds Read (CWE-125)

 

AMD (one issue)

CVE-2023-20569CVE-2023-20569 Return Address Predictor

 

Chromium / Edge (12 issues)

CVE-2023-4068Chromium: CVE-2023-4068 Type Confusion in V8
CVE-2023-4069Chromium: CVE-2023-4069 Type Confusion in V8
CVE-2023-4070Chromium: CVE-2023-4070 Type Confusion in V8
CVE-2023-4071Chromium: CVE-2023-4071 Heap buffer overflow in Visuals
CVE-2023-4072Chromium: CVE-2023-4072 Out of bounds read and write in WebGL
CVE-2023-4073Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE
CVE-2023-4074Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling
CVE-2023-4075Chromium: CVE-2023-4075 Use after free in Cast
CVE-2023-4076Chromium: CVE-2023-4076 Use after free in WebRTC
CVE-2023-4077Chromium: CVE-2023-4077 Insufficient data validation in Extensions
CVE-2023-4078Chromium: CVE-2023-4078 Inappropriate implementation in Extensions
CVE-2023-38157Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

 

GitHub (one issue)

CVE-2023-35945Github: CBL Mariner

 

http://feeds.feedburner.com/sophos/dgdY

Leave a Reply