Microsoft Edge, ChakraCore Security Vulnerabilities

cnvd

Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2024-17971)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from a spoofing vulnerability that can be exploited by attackers to override and spoof elements of the user...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-03-26 12:00 AM
3
cnvd

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to add malicious scripts to obtain sensitive information from the...

4.7CVSS

6.4AI Score

0.0004EPSS

2024-03-26 12:00 AM
3
f5

K000139044 : Apache httpd vulnerabilities CVE-2011-1176, CVE-2011-2688, CVE-2013-0942, CVE-2013-2765, and CVE-2013-4365

Security Advisory Description CVE-2011-1176 The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which...

8.6AI Score

0.018EPSS

2024-03-26 12:00 AM
10
alpinelinux

CVE-2024-0901

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct...

7AI Score

0.0004EPSS

2024-03-25 11:15 PM
3
f5

K000139026 : NTP vulnerability CVE-2009-3563

Security Advisory Description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE.....

6.9AI Score

0.963EPSS

2024-03-25 12:00 AM
5
ubuntu

Linux kernel (Oracle) vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-oracle - Linux kernel for Oracle Cloud systems linux-oracle-5.15 - Linux kernel for Oracle Cloud systems Details It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return...

8.1AI Score

0.004EPSS

2024-03-25 12:00 AM
24
ubuntu

Linux kernel (AWS) vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems Details Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element...

8.3AI Score

0.0004EPSS

2024-03-25 12:00 AM
15
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-oracle - Linux kernel for Oracle Cloud...

8.3AI Score

0.002EPSS

2024-03-25 12:00 AM
22
ubuntu

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems Details Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly...

8.6AI Score

0.002EPSS

2024-03-25 12:00 AM
12
veracode

Privilege Escalation

Firefox is vulnerable to a Privilege Escalation. The vulnerability is due to the unauthorized injection of an event handler into a privileged object, leading to arbitrary JavaScript execution in the parent...

6.8AI Score

0.0004EPSS

2024-03-24 12:13 PM
6
f5

K000138990 : BIND vulnerability CVE-2023-4408

Security Advisory Description The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this....

7.5CVSS

7.2AI Score

0.001EPSS

2024-03-23 12:00 AM
20
cve

CVE-2024-26247

Microsoft Edge (Chromium-based) Security Feature Bypass...

4.7CVSS

5.5AI Score

0.001EPSS

2024-03-22 10:15 PM
143
cve

CVE-2024-29057

Microsoft Edge (Chromium-based) Spoofing...

4.3CVSS

5.3AI Score

0.001EPSS

2024-03-22 10:15 PM
134
cvelist

6.5AI Score

0.001EPSS

2024-03-22 09:39 PM
1
alpinelinux

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

6.4AI Score

0.0004EPSS

2024-03-22 01:15 PM
12
akamaiblog

7.3AI Score

2024-03-22 01:00 PM
3
thn

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...

10CVSS

9.3AI Score

0.972EPSS

2024-03-22 11:28 AM
26
mscve

Chromium: CVE-2024-2631 Inappropriate implementation in iOS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
16
mscve

Chromium: CVE-2024-2630 Inappropriate implementation in iOS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
14
mscve

7AI Score

0.001EPSS

2024-03-22 07:00 AM
14
mscve

Chromium: CVE-2024-2627 Use after free in Canvas

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
18
mscve

Chromium: CVE-2024-2626 Out of bounds read in Swiftshader

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
9
mscve

Chromium: CVE-2024-2625 Object lifecycle issue in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
15
mscve

Chromium: CVE-2024-2629 Incorrect security UI in iOS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
8
mscve

Chromium: CVE-2024-2628 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.7AI Score

0.001EPSS

2024-03-22 07:00 AM
12
mscve

7AI Score

0.001EPSS

2024-03-22 07:00 AM
8
nessus

Microsoft Edge (Chromium) < 123.0.2420.53 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 123.0.2420.53. It is, therefore, affected by multiple vulnerabilities as referenced in the March 22, 2024 advisory. Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-26247) Object...

6.4AI Score

2024-03-22 12:00 AM
14
f5

K000138989 : BIND vulnerability CVE-2023-5517

Security Advisory Description A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response....

7.5CVSS

7.3AI Score

0.001EPSS

2024-03-22 12:00 AM
4
kaspersky

KLA65278 Multiple vulnerabilities in Microsoft Browser

Detect date: 03/22/2024 Severity: High Description: Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Affected products: Microsoft Edge.....

8.8CVSS

8.1AI Score

0.0004EPSS

2024-03-22 12:00 AM
13
f5

K000138991 : BIND vulnerability CVE-2023-6516

Security Advisory Description To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is...

7.5CVSS

7AI Score

0.001EPSS

2024-03-22 12:00 AM
6
cve

CVE-2024-26196

Microsoft Edge for Android (Chromium-based) Information Disclosure...

4.3CVSS

6.9AI Score

0.001EPSS

2024-03-21 02:52 AM
92
f5

K000138977 : ncurses vulnerability CVE-2022-29458

Security Advisory Description ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. (CVE-2022-29458) Impact There is no impact; F5 products are not affected by this...

7.1CVSS

9.7AI Score

0.001EPSS

2024-03-21 12:00 AM
6
f5

K000138966 : Intel Xeon CPU vulnerability CVE-2023-23908

Security Advisory Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908) Impact This vulnerability may allow a privileged user to enable information.....

4.4CVSS

6AI Score

0.0004EPSS

2024-03-21 12:00 AM
4
nessus

Siemens SCALANCE W1750D Exposure of Sensitive Information to an Unauthorized Actor (CVE-2023-22791)

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in...

6.6AI Score

2024-03-21 12:00 AM
2
nessus

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2024-566)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-566 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using...

8.1AI Score

2024-03-21 12:00 AM
4
veracode

Speculative Race Condition

Modern CPU architectures supporting speculative execution are vulnerable to a Speculative Race Condition (SRC) vulnerability, akin to Spectre V1. The vulnerability arises from race conditions that allow an unauthenticated attacker to exploit speculative executable code paths, potentially...

7.1AI Score

0.0004EPSS

2024-03-20 11:42 PM
7
alpinelinux

CVE-2024-29018

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is....

7AI Score

0.0004EPSS

2024-03-20 09:15 PM
4
veracode

Buffer Overflow

GifLib Project GifLib v.5.2.1 is vulnerable to a Buffer Overflow Vulnerability. The vulnerability is due to inadequate input validation in the DumpSCreen2RGB function within gif2rgb.c, which could be exploited by a local attacker to access sensitive...

6.3AI Score

0.0004EPSS

2024-03-20 08:48 PM
5
veracode

Buffer Overflow

giflib is vulnerable to Buffer Overflow vulnerability. The vulnerability is due to a flaw in the getarg.c component, leading to a segmentation...

6.5AI Score

0.0004EPSS

2024-03-20 06:51 PM
3
veracode

Out Of Memory

giflib 5.1.4 is vulnerable to a memory leak (out-of-memory) in gif2rgb. The vulnerability is due to inadequate memory management in util/gif2rgb.c, enabling remote attackers to trigger an out-of-memory exception or denial of service via a GIF format...

6.7AI Score

0.003EPSS

2024-03-20 06:19 PM
5
alpinelinux

CVE-2024-2625

Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity:...

6.4AI Score

0.001EPSS

2024-03-20 05:15 PM
11
alpinelinux

CVE-2024-2626

Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

6.3AI Score

0.001EPSS

2024-03-20 05:15 PM
8
veracode

Improper Check For Unusual Or Exceptional Conditions

Nix is vulnerable to an Improper Check for Unusual or Exceptional Conditions which can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation through Unix domain sockets in the abstract namespace. This allows the modification of the....

6.7AI Score

0.0004EPSS

2024-03-20 04:46 PM
4
f5

K000138953 : Python vulnerability CVE-2023-41105

Security Advisory Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for....

7.5CVSS

6.5AI Score

0.001EPSS

2024-03-20 12:00 AM
10
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-raspi - Linux kernel for Raspberry Pi...

7.6AI Score

0.0004EPSS

2024-03-20 12:00 AM
16
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware...

7.7AI Score

0.0004EPSS

2024-03-20 12:00 AM
24
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

8AI Score

0.004EPSS

2024-03-20 12:00 AM
23
f5

K000138957 : Libxml2 vulnerability CVE-2023-39615

Security Advisory Description Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is...

6.5CVSS

7.2AI Score

0.0005EPSS

2024-03-20 12:00 AM
12
ubuntu

Linux kernel (AWS) vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems Details It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not...

8.3AI Score

0.004EPSS

2024-03-20 12:00 AM
12
Total number of security vulnerabilities: 29076