Goolytics – Simple Google Analytics Security Vulnerabilities

mscve

Chromium: CVE-2024-5837 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7 AI Score

0.0004 EPSS

2024-06-13 07:00 AM
2
mscve

Chromium: CVE-2024-5832 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7 AI Score

0.0004 EPSS

2024-06-13 07:00 AM
2
mscve

Chromium: CVE-2024-5842 Use after free in Browser UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7 AI Score

0.0004 EPSS

2024-06-13 07:00 AM
2
mscve

Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7 AI Score

0.0004 EPSS

2024-06-13 07:00 AM
1
mscve

Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7 AI Score

0.0004 EPSS

2024-06-13 07:00 AM
1
mscve

Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7 AI Score

0.0004 EPSS

2024-06-13 07:00 AM
1
osv

Malicious code in elasticsearch-client-specification (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (135b81ee4c5cd6816ab6d993d70f307d56438812d60a3364b38638cc80b4ce68) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-13 06:25 AM
1
osv

Malicious code in djangosnippets.org (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c166a453b773becdea05dfd92ed988141528a96f6dc77e8435f871c68c0d3f1b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-13 06:25 AM
thn

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara...

8.2 AI Score

2024-06-13 06:25 AM
1
veracode

Cross Site Scripting (XSS)

summernote is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization of user-provided content, allowing malicious scripts to be executed within the context of the application when viewed in code...

6.2 AI Score

0.0004 EPSS

2024-06-13 05:30 AM
1
osv

Malicious code in legacyreact-aws-s3-typescript (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (60942b87c6d2334d09d059276cc2d838002e2e0f5093e53fc6819e1972e02282) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-13 05:05 AM
osv

CGA-r83q-r39w-2m73

Bulletin has no...

6.3 AI Score

0.0004 EPSS

2024-06-13 04:04 AM
2
osv

CGA-58mr-f472-9h7j

Bulletin has no...

6.3 AI Score

0.0004 EPSS

2024-06-13 04:04 AM
1
osv

CGA-35qq-v4x7-g8hr

Bulletin has no...

7.2 AI Score

2024-06-13 04:04 AM
1
fedora

[SECURITY] Fedora 39 Update: php-8.2.20-1.fc39

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8 CVSS

7.3 AI Score

0.973 EPSS

2024-06-13 03:03 AM
1
osv

Malicious code in dependences (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (01937c3da9bea8e85a1f2b11953989f03d30855db63d1feaca17c660227a83c5) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-13 01:43 AM
osv

Malicious code in @yashorg/frontend-logger (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ff07f4f96c73a58bf8e1069d844465549fbe1c2a9dd169ef994b1124c5a143e3) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-13 01:37 AM
osv

Heap-buffer-overflow in ArduinoJson::V704HB22::detail::MsgPackDeserializer<ArduinoJson::V704HB22::detail

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69497 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ArduinoJson::V704HB22::detail::MsgPackDeserializer<ArduinoJson::V704HB22::detail ArduinoJson::V704HB22::DeserializationError::Code ArduinoJson::V704HB22::detail:...

7.2 AI Score

2024-06-13 12:06 AM
ubuntucve

CVE-2024-5832

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
ubuntucve

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...

6.8 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
ubuntucve

CVE-2024-5839

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is...

6.6 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
googleprojectzero

Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5847

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
2
ubuntucve

CVE-2024-5838

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu.....

6.9 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5830

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

6.9 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
nessus

Microsoft Edge (Chromium) < 126.0.2592.56 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.56. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2024 advisory. Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-30058, CVE-2024-38083) Type...

5.4 CVSS

8.4 AI Score

0.0005 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The...

7.3 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.7 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5845

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
ubuntucve

CVE-2024-5843

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

6.8 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
ubuntucve

CVE-2024-5840

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

6.7 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5844

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
osv

firefox-esr - security update

Bulletin has no...

6.6 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5831

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
2
ubuntucve

CVE-2024-5833

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...

6.8 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
osv

cups - security update

Bulletin has no...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
zdt

VSCode ipynb Remote Code Execution Exploit

VSCode, when opening a Jupyter notebook (.ipynb) file, bypasses the trust model. On versions v1.4.0 through v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...

7.8 CVSS

7.6 AI Score

0.44 EPSS

2024-06-13 12:00 AM
22
ubuntucve

CVE-2024-5846

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian....

7.8 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
1
spring

A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google

Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and...

7.1 AI Score

2024-06-13 12:00 AM
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

9.8 CVSS

8.8 AI Score

EPSS

2024-06-13 12:00 AM
1
ubuntucve

CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The....

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
ubuntucve

CVE-2024-5841

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

7.5 AI Score

0.0004 EPSS

2024-06-13 12:00 AM
osv

Malicious code in v2-core (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (51e0286004b6b184a7ae2c0a7110095cd51122ae1c9ccc69db8d1bfd7380dfed) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-12 11:38 PM
1
osv

Malicious code in exel-js (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b6083dc24b3cdb6bfd02f5426aa373f2425aab6e9508e12255fc1e08133809bc) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-12 11:38 PM
osv

Malicious code in core-webpack (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (6b8224957c90ee66ed3cc6af4e8b300d5eb082f8368f94b725e53bbfed9ccbf2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-12 11:38 PM
osv

Malicious code in ozonid (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (434f32feef52077406cbebac21bd52caaa41481baf68aeebb0daf1edf7783269) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-12 11:38 PM
osv

Malicious code in ozon-js (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e6a05e800a141f7c456358b5d20b4e3cebc65f9d0229d0024fae5b1e51ed1e51) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2024-06-12 11:38 PM
osv

CVE-2024-4201

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...

4.4 CVSS

6 AI Score

0.0004 EPSS

2024-06-12 11:15 PM
osv

CGA-xj6j-5vv8-pjv3

Bulletin has no...

7.2 AI Score

2024-06-12 10:06 PM
1
Total number of security vulnerabilities: 303831