
Goolytics – Simple Google Analytics Security Vulnerabilities

cvelist
cvelist

CVE-2024-5841

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
1
cvelist
cvelist

CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5839

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

6.5AI Score

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5841

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7AI Score

0.0004EPSS

2024-06-11 08:58 PM
cvelist
cvelist

CVE-2024-5839

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity:...

6.7AI Score

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5843

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity:...

6.2AI Score

0.0004EPSS

2024-06-11 08:58 PM
cvelist
cvelist

CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5838

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

6.3AI Score

0.0004EPSS

2024-06-11 08:58 PM
1
cvelist
cvelist

CVE-2024-5838

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
1
cvelist
cvelist

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
2
cvelist
cvelist

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

6.3AI Score

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5831

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7AI Score

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5832

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7AI Score

0.0004EPSS

2024-06-11 08:58 PM
1
cvelist
cvelist

CVE-2024-5832

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
cvelist
cvelist

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5833

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

6.3AI Score

0.0004EPSS

2024-06-11 08:58 PM
cvelist
cvelist

CVE-2024-5833

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
1
cvelist
cvelist

CVE-2024-5831

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
vulnrichment
vulnrichment

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

7.2AI Score

0.0004EPSS

2024-06-11 08:58 PM
cvelist
cvelist

CVE-2024-5830

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-11 08:58 PM
2
vulnrichment
vulnrichment

CVE-2024-5830

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:...

6.3AI Score

0.0004EPSS

2024-06-11 08:58 PM
osv
osv

linux-aws, linux-aws-5.15 vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8.2AI Score

0.0004EPSS

2024-06-11 08:53 PM
1
osv
osv

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
osv
osv

Keycloak's admin API allows low privilege users to use administrative functions

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data.....

7.2AI Score

EPSS

2024-06-11 08:22 PM
6
osv
osv

linux-nvidia vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

8CVSS

8AI Score

0.0004EPSS

2024-06-11 08:05 PM
1
osv
osv

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...

7AI Score

0.0004EPSS

2024-06-11 07:29 PM
osv
osv

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

8.3AI Score

0.0004EPSS

2024-06-11 07:16 PM
osv
osv

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-06-11 06:30 PM
1
osv
osv

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

5.5CVSS

5.8AI Score

0.0004EPSS

2024-06-11 06:30 PM
osv
osv

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

6.6AI Score

0.0004EPSS

2024-06-11 06:15 PM
1
osv
osv

linux-intel-iotg-5.15 vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....

8CVSS

8.2AI Score

EPSS

2024-06-11 05:45 PM
thn
thn

How Cynet Makes MSPs Rich & Their Clients Secure

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand...

7.1AI Score

2024-06-11 04:10 PM
2
github
github

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

7AI Score

2024-06-11 04:00 PM
1
osv
osv

CVE-2024-37296

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-11 03:16 PM
osv
osv

CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...

4.4CVSS

7.5AI Score

0.0004EPSS

2024-06-11 03:16 PM
1
osv
osv

libapache-mod-jk vulnerability

Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-11 12:37 PM
2
osv
osv

Malicious code in noblox.js-proxy-agent (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (49cb85854d6a908a38177c4a3c30ac7dd724e1f892e3fbfcb26bb3a146ad2dc7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-11 11:47 AM
1
osv
osv

Malicious code in noblox.js-discord (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d714a330056d61b303e703615cd667da1871ff920b7563ed5d20d42d5b68c7be) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-11 11:47 AM
schneier
schneier

LLMs Acting Deceptively

New research: "Deception abilities emerged in large language models": Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the...

7.3AI Score

2024-06-11 11:02 AM
7
malwarebytes
malwarebytes

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...

6.9AI Score

2024-06-11 10:55 AM
3
malwarebytes
malwarebytes

Google’s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

7AI Score

2024-06-11 10:45 AM
3
osv
osv

Malicious code in dell-ui-bootstrap (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b3c479c9bdd98cd009ae28c56a47f3ef7dd2dda6d6e96abbdfc86905f79f557b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-11 10:21 AM
osv
osv

Malicious code in bootstrap-npm-webpack (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3fd1dc66e2c97cb20814b56fc5ff776a96f0851f09647f1cef4cfb305ec2b3a1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-11 10:18 AM
1
thn
thn

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....

7.4AI Score

2024-06-11 10:10 AM
1
securelist
securelist

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

10CVSS

9AI Score

0.0004EPSS

2024-06-11 08:00 AM
6
osv
osv

Malicious code in asf-recorder (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0170c1a6080f641f60e56118c5047b047d529133a2aa949043ed62e0bac90488) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-11 07:55 AM
osv
osv

Malicious code in asf-renderer (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (df408055de1ea1703a4d69234f7368c69466b2b470ce427a528fbe996a3f1e08) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-11 07:55 AM
13
Total number of security vulnerabilities: 303832