{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20234766", "Version": "oval:org.altlinux.errata:def:20234766", "Class": "patch", "Metadata": { "Title": "ALT-PU-2023-4766: package `yandex-browser-stable` update to version 23.7.1.1216-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2023-4766", "RefURL": "https://errata.altlinux.org/ALT-PU-2023-4766", "Source": "ALTPU" }, { "RefID": "BDU:2023-02350", "RefURL": "https://bdu.fstec.ru/vul/2023-02350", "Source": "BDU" }, { "RefID": "BDU:2023-02367", "RefURL": "https://bdu.fstec.ru/vul/2023-02367", "Source": "BDU" }, { "RefID": "BDU:2023-02380", "RefURL": "https://bdu.fstec.ru/vul/2023-02380", "Source": "BDU" }, { "RefID": "BDU:2023-02383", "RefURL": "https://bdu.fstec.ru/vul/2023-02383", "Source": "BDU" }, { "RefID": "BDU:2023-02384", "RefURL": "https://bdu.fstec.ru/vul/2023-02384", "Source": "BDU" }, { "RefID": "BDU:2023-02385", "RefURL": "https://bdu.fstec.ru/vul/2023-02385", "Source": "BDU" }, { "RefID": "BDU:2023-02386", "RefURL": "https://bdu.fstec.ru/vul/2023-02386", "Source": "BDU" }, { "RefID": "BDU:2023-02387", "RefURL": "https://bdu.fstec.ru/vul/2023-02387", "Source": "BDU" }, { "RefID": "BDU:2023-02388", "RefURL": "https://bdu.fstec.ru/vul/2023-02388", "Source": "BDU" }, { "RefID": "BDU:2023-02389", "RefURL": "https://bdu.fstec.ru/vul/2023-02389", "Source": "BDU" }, { "RefID": "BDU:2023-02623", "RefURL": "https://bdu.fstec.ru/vul/2023-02623", "Source": "BDU" }, { "RefID": "BDU:2023-02929", "RefURL": "https://bdu.fstec.ru/vul/2023-02929", "Source": "BDU" }, { "RefID": "BDU:2023-02930", "RefURL": "https://bdu.fstec.ru/vul/2023-02930", "Source": "BDU" }, { "RefID": "BDU:2023-02955", "RefURL": "https://bdu.fstec.ru/vul/2023-02955", "Source": "BDU" }, { "RefID": "BDU:2023-03080", "RefURL": "https://bdu.fstec.ru/vul/2023-03080", "Source": "BDU" }, { "RefID": "BDU:2023-03442", "RefURL": "https://bdu.fstec.ru/vul/2023-03442", "Source": "BDU" }, { "RefID": "BDU:2023-03544", "RefURL": "https://bdu.fstec.ru/vul/2023-03544", "Source": "BDU" }, { "RefID": "BDU:2023-03553", "RefURL": "https://bdu.fstec.ru/vul/2023-03553", "Source": "BDU" }, { "RefID": "BDU:2023-03628", "RefURL": "https://bdu.fstec.ru/vul/2023-03628", "Source": "BDU" }, { "RefID": "BDU:2023-03732", "RefURL": "https://bdu.fstec.ru/vul/2023-03732", "Source": "BDU" }, { "RefID": "BDU:2023-03733", "RefURL": "https://bdu.fstec.ru/vul/2023-03733", "Source": "BDU" }, { "RefID": "BDU:2023-03804", "RefURL": "https://bdu.fstec.ru/vul/2023-03804", "Source": "BDU" }, { "RefID": "BDU:2023-03805", "RefURL": "https://bdu.fstec.ru/vul/2023-03805", "Source": "BDU" }, { "RefID": "BDU:2023-03902", "RefURL": "https://bdu.fstec.ru/vul/2023-03902", "Source": "BDU" }, { "RefID": "BDU:2023-03903", "RefURL": "https://bdu.fstec.ru/vul/2023-03903", "Source": "BDU" }, { "RefID": "BDU:2023-03905", "RefURL": "https://bdu.fstec.ru/vul/2023-03905", "Source": "BDU" }, { "RefID": "BDU:2023-03908", "RefURL": "https://bdu.fstec.ru/vul/2023-03908", "Source": "BDU" }, { "RefID": "BDU:2023-03909", "RefURL": "https://bdu.fstec.ru/vul/2023-03909", "Source": "BDU" }, { "RefID": "BDU:2023-03915", "RefURL": "https://bdu.fstec.ru/vul/2023-03915", "Source": "BDU" }, { "RefID": "BDU:2023-04050", "RefURL": "https://bdu.fstec.ru/vul/2023-04050", "Source": "BDU" }, { "RefID": "CVE-2023-2459", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2459", "Source": "CVE" }, { "RefID": "CVE-2023-2460", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2460", "Source": "CVE" }, { "RefID": "CVE-2023-2461", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2461", "Source": "CVE" }, { "RefID": "CVE-2023-2462", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2462", "Source": "CVE" }, { "RefID": "CVE-2023-2463", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2463", "Source": "CVE" }, { "RefID": "CVE-2023-2464", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2464", "Source": "CVE" }, { "RefID": "CVE-2023-2465", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2465", "Source": "CVE" }, { "RefID": "CVE-2023-2466", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2466", "Source": "CVE" }, { "RefID": "CVE-2023-2467", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2467", "Source": "CVE" }, { "RefID": "CVE-2023-2468", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2468", "Source": "CVE" }, { "RefID": "CVE-2023-2721", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2721", "Source": "CVE" }, { "RefID": "CVE-2023-2722", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2722", "Source": "CVE" }, { "RefID": "CVE-2023-2723", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2723", "Source": "CVE" }, { "RefID": "CVE-2023-2724", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2724", "Source": "CVE" }, { "RefID": "CVE-2023-2725", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2725", "Source": "CVE" }, { "RefID": "CVE-2023-2726", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2726", "Source": "CVE" }, { "RefID": "CVE-2023-2929", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2929", "Source": "CVE" }, { "RefID": "CVE-2023-2930", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2930", "Source": "CVE" }, { "RefID": "CVE-2023-2931", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2931", "Source": "CVE" }, { "RefID": "CVE-2023-2932", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2932", "Source": "CVE" }, { "RefID": "CVE-2023-2933", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2933", "Source": "CVE" }, { "RefID": "CVE-2023-2934", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2934", "Source": "CVE" }, { "RefID": "CVE-2023-2935", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2935", "Source": "CVE" }, { "RefID": "CVE-2023-2936", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2936", "Source": "CVE" }, { "RefID": "CVE-2023-2937", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2937", "Source": "CVE" }, { "RefID": "CVE-2023-2938", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2938", "Source": "CVE" }, { "RefID": "CVE-2023-2939", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2939", "Source": "CVE" }, { "RefID": "CVE-2023-2940", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2940", "Source": "CVE" }, { "RefID": "CVE-2023-2941", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2941", "Source": "CVE" }, { "RefID": "CVE-2023-3079", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3079", "Source": "CVE" }, { "RefID": "CVE-2023-3420", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3420", "Source": "CVE" }, { "RefID": "CVE-2023-3421", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3421", "Source": "CVE" }, { "RefID": "CVE-2023-3422", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3422", "Source": "CVE" }, { "RefID": "CVE-2023-3598", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3598", "Source": "CVE" } ], "Description": "This update upgrades yandex-browser-stable to version 23.7.1.1216-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02350: Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю скрыть содержимое адресной строки Omnibox\n\n * BDU:2023-02367: Уязвимость реализации механизма CORS (Cross-Origin Resource Sharing) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2023-02380: Уязвимость расширений браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации\n\n * BDU:2023-02383: Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки\n\n * BDU:2023-02384: Уязвимость компонента Prompts браузера Google Chrome операционных систем Android, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2023-02385: Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки\n\n * BDU:2023-02386: Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки\n\n * BDU:2023-02387: Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки\n\n * BDU:2023-02388: Уязвимость расширения Google Input Tools Chrome OS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02389: Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2023-02623: Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02929: Уязвимость интерфейса автозаполнения Autofill браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2023-02930: Уязвимость режима Guest View браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2023-02955: Уязвимость библиотеки SwiftShader веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03080: Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03442: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03544: Уязвимость компонента WebApp Installs браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2023-03553: Уязвимость компонента Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03628: Уязвимость компонента Guest View браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03732: Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю установить произвольное расширение\n\n * BDU:2023-03733: Уязвимость установщика браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2023-03804: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2023-03805: Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-03902: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2023-03903: Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2023-03905: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2023-03908: Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки\n\n * BDU:2023-03909: Уязвимость обработчика PDF-содержимого браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2023-03915: Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки\n\n * BDU:2023-04050: Уязвимость загрузчика браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2023-2459: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2460: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2461: Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)\n\n * CVE-2023-2462: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2463: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2464: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2465: Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2466: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)\n\n * CVE-2023-2467: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)\n\n * CVE-2023-2468: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)\n\n * CVE-2023-2721: Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n\n * CVE-2023-2722: Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2723: Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2724: Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2725: Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2726: Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2929: Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2930: Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2931: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)\n\n * CVE-2023-2932: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)\n\n * CVE-2023-2933: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)\n\n * CVE-2023-2934: Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2935: Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2936: Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-2937: Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2938: Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2939: Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)\n\n * CVE-2023-2940: Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)\n\n * CVE-2023-2941: Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)\n\n * CVE-2023-3079: Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-3420: Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-3421: Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-3422: Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2023-3598: Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "Advisory": { "From": "errata.altlinux.org", "Severity": "Critical", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2023-08-11" }, "Updated": { "Date": "2023-08-11" }, "BDUs": [ { "ID": "BDU:2023-02350", "CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02350", "Impact": "Low", "Public": "20230110" }, { "ID": "BDU:2023-02367", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02367", "Impact": "Low", "Public": "20221210" }, { "ID": "BDU:2023-02380", "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2023-02380", "Impact": "High", "Public": "20230227" }, { "ID": "BDU:2023-02383", "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02383", "Impact": "Low", "Public": "20230502" }, { "ID": "BDU:2023-02384", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02384", "Impact": "Low", "Public": "20230502" }, { "ID": "BDU:2023-02385", "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02385", "Impact": "Low", "Public": "20230502" }, { "ID": "BDU:2023-02386", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02386", "Impact": "Low", "Public": "20230502" }, { "ID": "BDU:2023-02387", "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02387", "Impact": "Low", "Public": "20230502" }, { "ID": "BDU:2023-02388", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-02388", "Impact": "High", "Public": "20230502" }, { "ID": "BDU:2023-02389", "CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-02389", "Impact": "Low", "Public": "20230502" }, { "ID": "BDU:2023-02623", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-02623", "Impact": "Critical", "Public": "20230516" }, { "ID": "BDU:2023-02929", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-02929", "Impact": "High", "Public": "20230516" }, { "ID": "BDU:2023-02930", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-02930", "Impact": "High", "Public": "20230504" }, { "ID": "BDU:2023-02955", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2023-02955", "Impact": "Critical", "Public": "20230530" }, { "ID": "BDU:2023-03080", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://bdu.fstec.ru/vul/2023-03080", "Impact": "Critical", "Public": "20230605" }, { "ID": "BDU:2023-03442", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://bdu.fstec.ru/vul/2023-03442", "Impact": "Critical", "Public": "20230626" }, { "ID": "BDU:2023-03544", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-345, CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-03544", "Impact": "High", "Public": "20221227" }, { "ID": "BDU:2023-03553", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-03553", "Impact": "High", "Public": "20230626" }, { "ID": "BDU:2023-03628", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-03628", "Impact": "High", "Public": "20230626" }, { "ID": "BDU:2023-03732", "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-20, CWE-59", "Href": "https://bdu.fstec.ru/vul/2023-03732", "Impact": "Low", "Public": "20230602" }, { "ID": "BDU:2023-03733", "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20, CWE-59", "Href": "https://bdu.fstec.ru/vul/2023-03733", "Impact": "High", "Public": "20230602" }, { "ID": "BDU:2023-03804", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://bdu.fstec.ru/vul/2023-03804", "Impact": "High", "Public": "20230516" }, { "ID": "BDU:2023-03805", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-03805", "Impact": "High", "Public": "20230516" }, { "ID": "BDU:2023-03902", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://bdu.fstec.ru/vul/2023-03902", "Impact": "High", "Public": "20230530" }, { "ID": "BDU:2023-03903", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2023-03903", "Impact": "High", "Public": "20230530" }, { "ID": "BDU:2023-03905", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://bdu.fstec.ru/vul/2023-03905", "Impact": "High", "Public": "20230530" }, { "ID": "BDU:2023-03908", "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-03908", "Impact": "Low", "Public": "20230530" }, { "ID": "BDU:2023-03909", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-03909", "Impact": "High", "Public": "20230530" }, { "ID": "BDU:2023-03915", "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-03915", "Impact": "Low", "Public": "20230530" }, { "ID": "BDU:2023-04050", "CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2023-04050", "Impact": "Low", "Public": "20230530" } ], "CVEs": [ { "ID": "CVE-2023-2459", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2459", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2460", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2460", "Impact": "High", "Public": "20230503" }, { "ID": "CVE-2023-2461", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2461", "Impact": "High", "Public": "20230503" }, { "ID": "CVE-2023-2462", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2462", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2463", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2463", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2464", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2464", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2465", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2465", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2466", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2466", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2467", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2467", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2468", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2468", "Impact": "Low", "Public": "20230503" }, { "ID": "CVE-2023-2721", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2721", "Impact": "High", "Public": "20230516" }, { "ID": "CVE-2023-2722", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2722", "Impact": "High", "Public": "20230516" }, { "ID": "CVE-2023-2723", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2723", "Impact": "High", "Public": "20230516" }, { "ID": "CVE-2023-2724", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2724", "Impact": "High", "Public": "20230516" }, { "ID": "CVE-2023-2725", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2725", "Impact": "High", "Public": "20230516" }, { "ID": "CVE-2023-2726", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2726", "Impact": "High", "Public": "20230516" }, { "ID": "CVE-2023-2929", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2929", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2930", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2930", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2931", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2931", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2932", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2932", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2933", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2933", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2934", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2934", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2935", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2935", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2936", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2936", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2937", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2937", "Impact": "Low", "Public": "20230530" }, { "ID": "CVE-2023-2938", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2938", "Impact": "Low", "Public": "20230530" }, { "ID": "CVE-2023-2939", "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-59", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2939", "Impact": "High", "Public": "20230530" }, { "ID": "CVE-2023-2940", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2940", "Impact": "Low", "Public": "20230530" }, { "ID": "CVE-2023-2941", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2941", "Impact": "Low", "Public": "20230530" }, { "ID": "CVE-2023-3079", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3079", "Impact": "High", "Public": "20230605" }, { "ID": "CVE-2023-3420", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-843", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3420", "Impact": "High", "Public": "20230626" }, { "ID": "CVE-2023-3421", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3421", "Impact": "High", "Public": "20230626" }, { "ID": "CVE-2023-3422", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3422", "Impact": "High", "Public": "20230626" }, { "ID": "CVE-2023-3598", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3598", "Impact": "High", "Public": "20230728" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20234766001", "Comment": "yandex-browser-stable is earlier than 0:23.7.1.1216-alt1" } ] } ] } } ] }