5836 matches found
Google Chrome < 130.0.6723.59 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.59. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...
Google Chrome < 130.0.6723.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...
Google Chrome < 130.0.6723.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Insufficient data validation in DevTools in Google Chrome on Windows prior t...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...
SUSE CVE-2024-47868
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities - Oct 2024
Microsoft Edge Chromium-Based is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-47868
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868
CVE-2024-47868 affects Gradio, an open‑source Python library. A data validation vulnerability in post-processing steps can leak arbitrary files via several components that handle file data, including: String to FileData (DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton), Com...
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
Gradio has several components with post-process steps allow arbitrary file leaks
Impact What kind of vulnerability is it? Who is impacted? This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...
GHSA-4Q3C-CJ7G-JCWF Gradio has several components with post-process steps allow arbitrary file leaks
Impact What kind of vulnerability is it? Who is impacted? This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...