Goolytics – Simple Google Analytics Security Vulnerabilities

debiancve

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

osv

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

cve

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

debiancve

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

nvd

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004 EPSS

2024-06-24 10:15 PM

cve

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

osv

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

osv

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

osv

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2 AI Score

0.0004 EPSS

2024-06-24 10:15 PM

cvelist

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004 EPSS

2024-06-24 09:46 PM

cvelist

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004 EPSS

2024-06-24 09:46 PM

cvelist

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004 EPSS

2024-06-24 09:46 PM

cvelist

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004 EPSS

2024-06-24 09:46 PM

osv

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact: Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

7.3 AI Score

EPSS

2024-06-24 08:44 PM

osv

go-retryablehttp can leak basic auth credentials to log files

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp...

6 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-24 06:31 PM

osv

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-24 06:15 PM

osv

XWiki programming rights may be inherited by inclusion

Impact: The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...

9.9 CVSS

7 AI Score

0.0004 EPSS

2024-06-24 06:00 PM

osv

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

9.6 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-24 05:15 PM

osv

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary: ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details. Target: The vulnerable endpoint...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-24 04:18 PM

osv

CVE-2024-6287

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image, the code neglects to consider a few cases, which could allow an attacker to bypass memory range restriction and overwrite...

7.5 CVSS

7.7 AI Score

0.0004 EPSS

2024-06-24 04:15 PM

osv

CVE-2024-6285

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed...

7.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-24 04:15 PM

thn

Google Introduces Project Naptime for AI-Powered Vulnerability Research

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...

8.3 AI Score

2024-06-24 03:03 PM

osv

CGA-xmgp-mf9v-pph8

Bulletin has no...

3.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-xvq7-x2jj-6hg4

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-pghq-vx89-mr76

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-xjf7-9r4q-527v

Bulletin has no...

4.3 CVSS

6.7 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-jv46-743h-vh36

Bulletin has no...

5.3 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-hhh7-pj87-q6qw

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-qph9-jhh7-458r

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-wm9x-r8p7-p6qr

Bulletin has no...

5.3 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-jhcr-g7wj-9vq2

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-pcxv-43r4-92mm

Bulletin has no...

6.1 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-9c85-rg9h-4w8m

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-f35m-rxrc-jf4f

Bulletin has no...

7.5 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-hxgx-rg66-hvqr

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-w76m-mrwf-j7rf

Bulletin has no...

3.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-x56p-7vj3-wq3q

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-gvhx-fgcw-f546

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-4m9j-264v-7mr3

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-rmv6-gv8r-23fq

Bulletin has no...

6.1 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-jmr7-jr2v-rjcq

Bulletin has no...

2.6 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-25vp-ggq8-49x6

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-cp3f-8rch-xvmv

Bulletin has no...

3.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-34mp-wg56-2ph9

Bulletin has no...

7.5 CVSS

6.8 AI Score

0.0005 EPSS

2024-06-24 02:34 PM

osv

CGA-g7w9-f9fj-j6gv

Bulletin has no...

5.4 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-3xf3-vx56-c5h8

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-f9x4-gc5p-g8jr

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

CGA-cq5p-922f-8wjg

Bulletin has no...

9.8 CVSS

6.8 AI Score

0.001 EPSS

2024-06-24 02:34 PM

osv

CGA-28fj-7rmv-xw55

Bulletin has no...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-24 02:34 PM

osv

Malicious code in kami-richtext (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-24 11:50 AM

Total number of security vulnerabilities: 304786