Microsoft on Tuesday released patches for 73 vulnerabilities, including 3 critical-severity issues in Windows, 2 in Teams, and one in Office. As usual, the largest number of addressed vulnerabilities affect Windows, with 35 CVEs. Office is next in line with 9 issues including one shared with Visual Studio, followed by Azure (7); Exchange (6); .NET (6, including three shared with Visual Studio and .ASP); SharePoint (4); Dynamics 365 and Teams (2 each); and Defender, HEVC Video Extensions, and SQL Server (one each). There are three advisories in this month’s release, and it also includes information on 30 patches for Adobe Acrobat Reader, 12 flaws in Edge/Chromium, and one in GitHub. There is, in addition, information on CVE-2023-20569, the side-channel issue announced today by AMD and affecting multiple CPUs from that manufacturer.
At patch time, two issues are known to be under exploit in the wild. The first, CVE-2023-38180, is a denial-of-service vulnerability affecting .NET, Visual Studio, and .ASP; it requires neither privileges nor user interaction. The other is addressed in a Defense in Depth advisory, ADV230003; this update blocks the attack chain leading to the CVE-2023-36884 vulnerability patched last month. An additional 8 vulnerabilities in Windows, .NET, Visual Studio, and Exchange are by the company’s estimation more likely to be exploited in the 30 days following this release. Four of those 8 issues are kernel vulnerabilities.
Microsoft once again this month offered no guidance overview on exploitation likelihood in earlier versions versus latest versions for any of their patches.
The AMD patch is interesting, since though the flaw is in AMD’s hardware, fixing it requires a Windows update. Microsoft includes information on it so sysadmins are aware that the latest builds of Windows enable the mitigation, and also to provide links to Microsoft’s own Knowledge Base articles for client and Server / Azure Stack HCI customers, and to Microsoft information for those running VMs in Azure. Information available so far indicates that the issue is not under active attack and may not be exploitable remotely.
We are including at the end of this post three appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family. As per Microsoft’s guidance we’ll treat the patches and advisories for Adobe Acrobat Reader, AMD, Chromium / Edge, and GitHub as information-only in the following charts and totals, though we’ve added a chart at the end of the post providing basic information on all 44.
By the numbers
- Total Microsoft CVEs: 73
- Total advisories shipping in update: 3
- Publicly disclosed: 2
- Exploited: 2
- Severity
- Critical: 6
- Important: 67
- Impact
- Remote Code Execution: 23
- Elevation of Privilege: 18
- Spoofing: 12
- Information Disclosure: 9
- Denial of Service: 8
- Security Feature Bypass: 3
Figure 1: Remote code execution issues once again top the charts in August, but spoofing issues in Azure and other products play a big part in the numbers
Products
- Windows: 35
- Office: 8 (including one shared with Visual Studio)
- Azure: 7
- .NET: 6 (including two shared with .ASP and three shared with Visual Studio)
- Exchange: 6
- SharePoint: 4
- Visual Studio: 4 (two shared with .NET, one shared with .NET and .ASP, one shared with office)
- .ASP: 2 (shared with .NET)
- Dynamics 365: 2
- Teams: 2
- Defender: 1
- HEVC Video Extensions: 1
- SQL Server: 1
Figure 2: Windows accounts for just under half of this month’s patches, with 13 families represented
Notable August updates
In addition to the AMD patch discussed above, a few interesting items present themselves.
ADV230003 – Microsoft Office Defense in Depth Update
ADV230004 – Memory Integrity System Readiness Scan Tool
ADV990001 – Latest Servicing Stack Updates
There are three advisories this month, and Microsoft describes all three as defense-in-depth issues of moderate severity, as is the custom. However, the first two on the list (ADV230003, ADV230004) both address publicly disclosed issues, with ADV230003 under active exploit in the wild as noted above. The other affects Microsoft’s Memory Integrity System Readiness Scan Tool, which checks compatibility in hypervisor code for ARM64 and AMD64 processors and is also sometimes called HVCI. The third is of course the regularly updated servicing stack, which is always a good choice for prioritized installation.
CVE-2023-38180 – .NET and Visual Studio Denial of Service Vulnerability
More .NET / VS / .ASP excitement, this bug affects versions 17.2, 17.4, and 17.6 of VS 2022 along with versions 6.0 and 7.0 of .NET Core. Despite the CVE’s title, .ASP.NET Core 2 is also affected. As noted above, it was recently found to be under active exploit.
CVE-2023-36895 – Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-36896 – Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-35371 – Microsoft Office Remote Code Execution Vulnerability
All these issues – the Outlook bug Critical-class, the Office bug Important-class – affect Mac users, but those versions of the patches weren’t made available immediately. Administrators of affected systems are encouraged to monitor Microsoft communications for updates to the individual CVEs (CVE-2023-36895, CVE-2023-36896, CVE-2023-35371).
CVE-2023-36876 – Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-35379 – Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
Running Windows Server 2008 R2 x64 pack 1, a package old enough to enter middle school this year? These two updates are specifically for you (and no other version of Windows). Both are marked as Important-class elevation of privilege issues, though the wording of the information on the former (“an attacker who successfully exploits this vulnerability cannot access existing files but can write or overwrite file contents, which potentially may cause the system to become unavailable”) sounds very DoS-like in a way.
CVE-2023-35380 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35382 – Windows Kernel Elevation of Privilege Vulnerability
These two elevation-of-privilege issues share a name and a warning that they’re more likely to be exploited in the 30 days following patch release. However, a reading of the information provided shows a small silver lining: Both require local access to the targeted machine. (Once touching the keyboard, though, the would-be attacker would exploit this by creating folders and performance trace on the box, both of which require privileges users have by default. We said it was a small silver lining.)
Figure 3: The cumulative 2023 total through August’s Patch Tuesday. It may not feel like it, but 2023 to date is a far lighter year than 2022 according to our numbers. At this point in 2022, Microsoft had released 690 patches, including 52 Critical-class patches. Elevation of Privilege led the list with 274 patches. In contrast, this year’s total patch load has been 491 patches, including 60 Critical-class; Remote Control Execution issues lead the pack with 234
Sophos protections
CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
CVE-2023-35359 | Exp/2335359-A | |
CVE-2023-35380 | Exp/2335380-A | |
CVE-2023-35382 | Exp/2335382-A |
As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.
Appendix A: Vulnerability Impact and Severity
This is a list of August’s patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.
Remote Code Execution (23 CVEs)
Critical severity | |
CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability |
CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability |
CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability |
CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability |
CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability |
Important severity | |
CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability |
CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability |
CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-36882 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability |
CVE-2023-38169 | Microsoft OLE DB Remote Code Execution Vulnerability |
CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability |
CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Elevation of Privilege (18 CVEs)
Important severity | |
CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35378 | Windows Projected File System Elevation of Privilege Vulnerability |
CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability |
CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability |
CVE-2023-36876 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability |
CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability |
CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability |
CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-38167 | Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability |
CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
CVE-2023-38176 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability |
CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability |
Spoofing (12 CVEs)
Important severity | |
CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability |
CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability |
CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability |
CVE-2023-36873 | .NET Framework Spoofing Vulnerability |
CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability |
CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability |
CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability |
CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability |
CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability |
Information Disclosure (9 CVEs)
Important severity | |
CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability |
CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability |
CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability |
CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2023-36908 | Windows Hyper-V Information Disclosure Vulnerability |
CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability |
Denial of Service (8 CVEs)
Important severity | |
CVE-2023-35376 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-35377 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-36909 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-36912 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-38172 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2023-38254 | Microsoft Message Queuing Denial of Service Vulnerability |
Security Feature Bypass (3 CVEs)
Important severity | |
CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability |
CVE-2023-36889 | Windows Group Policy Security Feature Bypass Vulnerability |
CVE-2023-36914 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability |
Appendix B: Exploitability
This is a list of the August CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release, as well as those already known to be under exploit. Each list is further arranged by CVE. (As a reminder, ADV230003, an advisory, is also known to be under active exploit as discussed above.)
Exploitation detected | |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability |
Exploitation more likely | |
CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability |
CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Appendix C: Products Affected
This is a list of August’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE.
Windows (35 CVEs)
Critical severity | |
CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability |
CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability |
CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability |
Important severity | |
CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35376 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-35377 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-35378 | Windows Projected File System Elevation of Privilege Vulnerability |
CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability |
CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability |
CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability |
CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability |
CVE-2023-36876 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability |
CVE-2023-36882 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2023-36889 | Windows Group Policy Security Feature Bypass Vulnerability |
CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability |
CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability |
CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2023-36908 | Windows Hyper-V Information Disclosure Vulnerability |
CVE-2023-36909 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-36912 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2023-36914 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability |
CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-38172 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability |
CVE-2023-38254 | Microsoft Message Queuing Denial of Service Vulnerability |
Office (8 CVEs)
Critical severity | |
CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability |
Important severity | |
CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability |
CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability |
Azure (7 CVEs)
Important severity | |
CVE-2023-38176 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability |
CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability |
CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability |
CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability |
CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability |
CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability |
CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability |
.NET (6 CVEs)
Important severity | |
CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2023-36873 | .NET Framework Spoofing Vulnerability |
CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability |
CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability |
CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability |
Exchange (6 CVEs)
Important severity | |
CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability |
CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability |
SharePoint (4 CVEs)
Important severity | |
CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability |
CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability |
Visual Studio (4 CVEs)
Important severity | |
CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability |
CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability |
CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability |
.ASP (2 CVEs)
Important severity | |
CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability |
Dynamics 365 (2 CVE)
Important severity | |
CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
CVE-2023-38167 | Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability |
Teams (2 CVE)
Critical severity | |
CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability |
CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability |
Defender (1 CVE)
Important severity | |
CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
HEVC Video Extensions (1 CVE)
Important severity | |
CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability |
SQL Server (1 CVE)
Important severity | |
CVE-2023-38169 | Microsoft OLE DB Remote Code Execution Vulnerability |
Appendix D: Other Products
This is a list of advisories and third-party patches covered in the August Microsoft release, sorted by product group.
Adobe Acrobat Reader (30 issues)
CVE-2023-29303 | Use After Free (CWE-416) |
CVE-2023-29299 | Improper Input Validation (CWE-20) |
CVE-2023-29320 | Improper Access Control (CWE-284) |
CVE-2023-38222 | Use After Free (CWE-416) |
CVE-2023-38223 | Access of Uninitialized Pointer (CWE-824) |
CVE-2023-38224 | Use After Free (CWE-416) |
CVE-2023-38225 | Use After Free (CWE-416) |
CVE-2023-38226 | Access of Uninitialized Pointer (CWE-824) |
CVE-2023-38227 | Use After Free (CWE-416) |
CVE-2023-38228 | Use After Free (CWE-416) |
CVE-2023-38229 | Out-of-bounds Read (CWE-125) |
CVE-2023-38230 | Use After Free (CWE-416) |
CVE-2023-38231 | Out-of-bounds Write (CWE-787) |
CVE-2023-38232 | Out-of-bounds Read (CWE-125) |
CVE-2023-38233 | Out-of-bounds Write (CWE-787) |
CVE-2023-38234 | Access of Uninitialized Pointer (CWE-824) |
CVE-2023-38235 | Out-of-bounds Read (CWE-125) |
CVE-2023-38236 | Out-of-bounds Read (CWE-125) |
CVE-2023-38237 | Out-of-bounds Read (CWE-125) |
CVE-2023-38238 | Use After Free (CWE-416) |
CVE-2023-38239 | Out-of-bounds Read (CWE-125) |
CVE-2023-38240 | Out-of-bounds Read (CWE-125) |
CVE-2023-38241 | Out-of-bounds Read (CWE-125) |
CVE-2023-38242 | Out-of-bounds Read (CWE-125) |
CVE-2023-38243 | Use After Free (CWE-416) |
CVE-2023-38244 | Out-of-bounds Read (CWE-125) |
CVE-2023-38245 | Improper Input Validation (CWE-20) |
CVE-2023-38246 | Access of Uninitialized Pointer (CWE-824) |
CVE-2023-38247 | Out-of-bounds Read (CWE-125) |
CVE-2023-38248 | Out-of-bounds Read (CWE-125) |
AMD (one issue)
CVE-2023-20569 | CVE-2023-20569 Return Address Predictor |
Chromium / Edge (12 issues)
CVE-2023-4068 | Chromium: CVE-2023-4068 Type Confusion in V8 |
CVE-2023-4069 | Chromium: CVE-2023-4069 Type Confusion in V8 |
CVE-2023-4070 | Chromium: CVE-2023-4070 Type Confusion in V8 |
CVE-2023-4071 | Chromium: CVE-2023-4071 Heap buffer overflow in Visuals |
CVE-2023-4072 | Chromium: CVE-2023-4072 Out of bounds read and write in WebGL |
CVE-2023-4073 | Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE |
CVE-2023-4074 | Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling |
CVE-2023-4075 | Chromium: CVE-2023-4075 Use after free in Cast |
CVE-2023-4076 | Chromium: CVE-2023-4076 Use after free in WebRTC |
CVE-2023-4077 | Chromium: CVE-2023-4077 Insufficient data validation in Extensions |
CVE-2023-4078 | Chromium: CVE-2023-4078 Inappropriate implementation in Extensions |
CVE-2023-38157 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
GitHub (one issue)
CVE-2023-35945 | Github: CBL Mariner |