Goolytics – Simple Google Analytics Security Vulnerabilities
Chromium: CVE-2024-5837 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.7AI Score
0.0004EPSS
Chromium: CVE-2024-5832 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.7AI Score
0.0004EPSS
Chromium: CVE-2024-5842 Use after free in Browser UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.7AI Score
0.0004EPSS
Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.7AI Score
0.0004EPSS
Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.7AI Score
0.0004EPSS
Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
6.7AI Score
0.0004EPSS
Malicious code in elasticsearch-client-specification (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (135b81ee4c5cd6816ab6d993d70f307d56438812d60a3364b38638cc80b4ce68) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in djangosnippets.org (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c166a453b773becdea05dfd92ed988141528a96f6dc77e8435f871c68c0d3f1b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems
A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara...
8.2AI Score
summernote is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization of user-provided content, allowing malicious scripts to be executed within the context of the application when viewed in code...
6.2AI Score
0.0004EPSS
Malicious code in legacyreact-aws-s3-typescript (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (60942b87c6d2334d09d059276cc2d838002e2e0f5093e53fc6819e1972e02282) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
6.3AI Score
0.0004EPSS
6.3AI Score
0.0004EPSS
7.2AI Score
[SECURITY] Fedora 39 Update: php-8.2.20-1.fc39
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
9.8CVSS
7.3AI Score
0.973EPSS
Malicious code in dependences (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (01937c3da9bea8e85a1f2b11953989f03d30855db63d1feaca17c660227a83c5) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in @yashorg/frontend-logger (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ff07f4f96c73a58bf8e1069d844465549fbe1c2a9dd169ef994b1124c5a143e3) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69497 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ArduinoJson::V704HB22::detail::MsgPackDeserializer<ArduinoJson::V704HB22::detail ArduinoJson::V704HB22::DeserializationError::Code ArduinoJson::V704HB22::detail:...
7.2AI Score
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
6.8AI Score
0.0004EPSS
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is...
6.6AI Score
0.0004EPSS
Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...
7.8CVSS
7.5AI Score
0.001EPSS
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu.....
6.9AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
6.9AI Score
0.0004EPSS
Microsoft Edge (Chromium) < 126.0.2592.56 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.56. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2024 advisory. Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-30058, CVE-2024-38083) Type...
5.4CVSS
8.4AI Score
0.0005EPSS
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The...
7.3AI Score
0.0004EPSS
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.7AI Score
0.0004EPSS
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
0.0004EPSS
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
6.8AI Score
0.0004EPSS
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
6.7AI Score
0.0004EPSS
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
7.5AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
6.8AI Score
0.0004EPSS
4.4CVSS
7.2AI Score
0.0004EPSS
VSCode ipynb Remote Code Execution Exploit
VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...
7.8CVSS
7.6AI Score
0.44EPSS
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
0.0004EPSS
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian....
7.8AI Score
0.0004EPSS
A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google
Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and...
7.1AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...
9.8CVSS
8.8AI Score
EPSS
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The....
7.5AI Score
0.0004EPSS
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
0.0004EPSS
Malicious code in v2-core (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (51e0286004b6b184a7ae2c0a7110095cd51122ae1c9ccc69db8d1bfd7380dfed) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in exel-js (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b6083dc24b3cdb6bfd02f5426aa373f2425aab6e9508e12255fc1e08133809bc) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in core-webpack (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (6b8224957c90ee66ed3cc6af4e8b300d5eb082f8368f94b725e53bbfed9ccbf2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in ozonid (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (434f32feef52077406cbebac21bd52caaa41481baf68aeebb0daf1edf7783269) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in ozon-js (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e6a05e800a141f7c456358b5d20b4e3cebc65f9d0229d0024fae5b1e51ed1e51) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
6AI Score
0.0004EPSS
7.2AI Score