| 2023-08-15 | CVE-2023-4364 | Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. | 4.3 |
| 2023-08-15 | CVE-2023-4365 | Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. | 4.3 |
| 2023-08-15 | CVE-2023-4366 | Use After Free vulnerability in multiple products
Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-08-15 | CVE-2023-4367 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. | 6.5 |
| 2023-08-15 | CVE-2023-32003 | Path Traversal vulnerability in multiple products
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. | 5.3 |
| 2023-08-15 | CVE-2023-32004 | Path Traversal vulnerability in multiple products
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. | 8.8 |
| 2023-08-15 | CVE-2023-32006 | The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | 8.8 |
| 2023-08-14 | CVE-2023-4322 | Out-of-bounds Write vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 9.8 |
| 2023-08-11 | CVE-2023-3823 | XXE vulnerability in multiple products
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. | 7.5 |
| 2023-08-11 | CVE-2023-3824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. | 9.8 |