cvelistv5 - cve-2023-2136

CVE-2023-2136 (GCVE-0-2023-2136)

Vulnerability from cvelistv5

Published

2023-04-19 03:40

Modified

2025-10-21 23:05

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

Integer overflow

Summary

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

References

URL

Tags

	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
	https://crbug.com/1432603
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
	https://www.debian.org/security/2023/dsa-5393
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
	https://security.gentoo.org/glsa/202309-17

Impacted products

	Vendor	Product	Version
	Google	Chrome	Version: 112.0.5615.137 < 112.0.5615.137

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-04-21

Due date: 2023-05-12

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html; https://nvd.nist.gov/vuln/detail/CVE-2023-2136

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:12:20.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/1432603"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5393"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-17"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-2136",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T16:25:41.641089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-04-21",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2136"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:48.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2136"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-04-21T00:00:00.000Z",
            "value": "CVE-2023-2136 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "112.0.5615.137",
              "status": "affected",
              "version": "112.0.5615.137",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-30T10:06:46.068Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://crbug.com/1432603"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5393"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-17"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2023-2136",
    "datePublished": "2023-04-19T03:40:26.644Z",
    "dateReserved": "2023-04-17T22:27:00.468Z",
    "dateUpdated": "2025-10-21T23:05:48.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-2136",
      "cwes": "[\"CWE-190\"]",
      "dateAdded": "2023-04-21",
      "dueDate": "2023-05-12",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-2136",
      "product": "Chromium Skia",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chrome Skia Integer Overflow Vulnerability"
    }
  }
}

CERTFR-2023-AVI-0324

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 112.0.5615.137/138 sur Windows
	Google	Chrome	Google Chrome versions antérieures à 112.0.5615.137 sur Mac et Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome du 18 avril 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 112.0.5615.137/138 sur Windows",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 112.0.5615.137 sur Mac et Linux",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2135"
    },
    {
      "name": "CVE-2023-2133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2133"
    },
    {
      "name": "CVE-2023-2134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2134"
    },
    {
      "name": "CVE-2023-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2137"
    },
    {
      "name": "CVE-2023-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2136"
    }
  ],
  "initial_release_date": "2023-04-19T00:00:00",
  "last_revision_date": "2023-04-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0324",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 18 avril 2023",
      "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html"
    }
  ]
}

CERTFR-2024-AVI-0209

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	NetWeaver AS Java version 7.5 sans le dernier correctif de sécurité
SAP	N/A	Business Client versions 6.5, 7.0 et 7.70 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver (Enterprise Portal) version 7.50 sans le dernier correctif de sécurité
SAP	N/A	Build Apps versions antérieures à 4.9.145
SAP	N/A	HANA Database version 2.0 sans le dernier correctif de sécurité
SAP	N/A	Commerce versions HY_COM 2105, HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	N/A	HANA XS Advanced version 1.0 sans le dernier correctif de sécurité
SAP	N/A	BusinessObjects Business Intelligence Platform version 4.3 sans le dernier correctif de sécurité
SAP	N/A	ABAP Platform versions 758 et 795 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver (WSRM) version 7.50 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver Process Integration (Support Web Pages) version 7.50 sans le dernier correctif de sécurité
SAP	N/A	Fiori Front End Server version 605 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver AS ABAP pour les applications basées sur SAPGUI versions 7.89 et 7.93 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 12 mars 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetWeaver AS Java version 7.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Client versions 6.5, 7.0 et 7.70 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (Enterprise Portal) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Build Apps versions ant\u00e9rieures \u00e0 4.9.145",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "HANA Database version 2.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce versions HY_COM 2105, HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "HANA XS Advanced version 1.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence Platform version 4.3 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "ABAP Platform versions 758 et 795 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (WSRM) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Process Integration (Support Web Pages) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori Front End Server version 605 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver AS ABAP pour les applications bas\u00e9es sur SAPGUI versions 7.89 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-39439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39439"
    },
    {
      "name": "CVE-2022-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3075"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-22133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22133"
    },
    {
      "name": "CVE-2024-25644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25644"
    },
    {
      "name": "CVE-2023-50164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50164"
    },
    {
      "name": "CVE-2023-7024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7024"
    },
    {
      "name": "CVE-2019-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
    },
    {
      "name": "CVE-2024-27900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27900"
    },
    {
      "name": "CVE-2024-22127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22127"
    },
    {
      "name": "CVE-2024-27902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27902"
    },
    {
      "name": "CVE-2024-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28163"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2024-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25645"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2023-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6345"
    },
    {
      "name": "CVE-2022-2856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2856"
    },
    {
      "name": "CVE-2023-3079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3079"
    },
    {
      "name": "CVE-2023-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2136"
    },
    {
      "name": "CVE-2024-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0519"
    }
  ],
  "initial_release_date": "2024-03-13T00:00:00",
  "last_revision_date": "2024-03-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0209",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits SAP\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 mars 2024",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2024.html"
    }
  ]
}

CERTFR-2023-AVI-0516

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Google Android et Google Pixel. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Pixel sans le correctif du 5 juillet 2023
	Google	Android	Google Android 11, 12, 12L, 13 sans le correctif du 5 juillet 2023

References

Title

Publication Time

Tags

Bulletin de sécurité Android Pixel du 05 juillet 2023	None	vendor-advisory
Bulletin de sécurité Android du 05 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Pixel sans le correctif du 5 juillet 2023",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Android 11, 12, 12L, 13 sans le correctif du 5 juillet 2023",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-24851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24851"
    },
    {
      "name": "CVE-2023-20754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20754"
    },
    {
      "name": "CVE-2023-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21145"
    },
    {
      "name": "CVE-2023-21400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21400"
    },
    {
      "name": "CVE-2023-22386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22386"
    },
    {
      "name": "CVE-2023-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21624"
    },
    {
      "name": "CVE-2023-21637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21637"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2023-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22667"
    },
    {
      "name": "CVE-2023-21247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21247"
    },
    {
      "name": "CVE-2023-21245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21245"
    },
    {
      "name": "CVE-2023-35693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35693"
    },
    {
      "name": "CVE-2021-29256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29256"
    },
    {
      "name": "CVE-2023-28541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28541"
    },
    {
      "name": "CVE-2023-26083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26083"
    },
    {
      "name": "CVE-2023-21672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21672"
    },
    {
      "name": "CVE-2023-21639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21639"
    },
    {
      "name": "CVE-2023-21635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21635"
    },
    {
      "name": "CVE-2023-21262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21262"
    },
    {
      "name": "CVE-2023-20755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20755"
    },
    {
      "name": "CVE-2023-21641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21641"
    },
    {
      "name": "CVE-2023-21261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21261"
    },
    {
      "name": "CVE-2023-21239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21239"
    },
    {
      "name": "CVE-2023-21240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21240"
    },
    {
      "name": "CVE-2023-21633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21633"
    },
    {
      "name": "CVE-2023-21251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21251"
    },
    {
      "name": "CVE-2023-21238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21238"
    },
    {
      "name": "CVE-2021-0948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0948"
    },
    {
      "name": "CVE-2022-28350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28350"
    },
    {
      "name": "CVE-2023-20910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20910"
    },
    {
      "name": "CVE-2023-21255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
    },
    {
      "name": "CVE-2023-22387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22387"
    },
    {
      "name": "CVE-2023-21257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21257"
    },
    {
      "name": "CVE-2023-28147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28147"
    },
    {
      "name": "CVE-2023-25012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
    },
    {
      "name": "CVE-2023-21241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21241"
    },
    {
      "name": "CVE-2023-21250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21250"
    },
    {
      "name": "CVE-2023-21638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21638"
    },
    {
      "name": "CVE-2023-21399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21399"
    },
    {
      "name": "CVE-2023-21640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21640"
    },
    {
      "name": "CVE-2023-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20918"
    },
    {
      "name": "CVE-2023-21246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21246"
    },
    {
      "name": "CVE-2023-20942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20942"
    },
    {
      "name": "CVE-2023-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21248"
    },
    {
      "name": "CVE-2023-35691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35691"
    },
    {
      "name": "CVE-2023-21629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21629"
    },
    {
      "name": "CVE-2023-21087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21087"
    },
    {
      "name": "CVE-2023-21631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21631"
    },
    {
      "name": "CVE-2023-35694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35694"
    },
    {
      "name": "CVE-2023-21243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21243"
    },
    {
      "name": "CVE-2023-21254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21254"
    },
    {
      "name": "CVE-2023-35692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35692"
    },
    {
      "name": "CVE-2023-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2136"
    },
    {
      "name": "CVE-2023-24854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24854"
    },
    {
      "name": "CVE-2023-21256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21256"
    },
    {
      "name": "CVE-2023-28542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28542"
    },
    {
      "name": "CVE-2023-21249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21249"
    }
  ],
  "initial_release_date": "2023-07-07T00:00:00",
  "last_revision_date": "2023-07-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0516",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android et\nGoogle Pixel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android Pixel du 05 juillet 2023",
      "url": "https://source.android.com/docs/security/bulletin/pixel/2023-07-01?hl=fr"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 05 juillet 2023",
      "url": "https://source.android.com/docs/security/bulletin/2023-07-01?hl=fr"
    }
  ]
}

CERTFR-2023-AVI-0329

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 112.0.1722.54 (pour les systèmes Linux, macOS et Android)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2023-2136 du 19 avril 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-2136 du 19 avril 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 112.0.1722.54 (pour les syst\u00e8mes Linux, macOS et Android)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2136"
    }
  ],
  "initial_release_date": "2023-04-20T00:00:00",
  "last_revision_date": "2023-04-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft\u00a0CVE-2023-2136 du 19 avril 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2136"
    }
  ],
  "reference": "CERTFR-2023-AVI-0329",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2136 du 19 avril 2023",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-2136 (GCVE-0-2023-2136)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2023-AVI-0324

Vulnerability from certfr_avis

Solution

CERTFR-2024-AVI-0209

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0516

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0329

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature