CVE-2024-47962

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...

CVE-2024-47963

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

CVE-2024-47963 Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

CVE-2024-47963

Delta Electronics CNCSoft-G2 contains a DPAX file parsing flaw that can cause an out-of-bounds write, enabling remote code execution. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and affects DPAX parsing logic; exploitation leads to code exec...

PT-2024-40012 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is a data validation problem in the Gradio Dropdown component's pre-processing step. It allows attackers to bypass input constraints by sending custom requests with arbitrary values, even...

SUSE CVE-2023-2314

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CentOS 6 : chromium-browser (RHSA-2020:3723)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3723 advisory. - Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a...

CentOS 6 : chromium-browser (RHSA-2020:1970)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1970 advisory. - Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a...

CentOS 6 : chromium-browser (RHSA-2020:4206)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4206 advisory. - Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access...

CentOS 6 : chromium-browser (RHSA-2020:4235)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4235 advisory. - Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTM...

CentOS 6 : chromium-browser (RHSA-2020:2544)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. - Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to...

openSUSE Security Advisory (openSUSE-SU-2024:0327-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2024:0327-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 129.0.6668.89 stable released 2024-09-24 boo1231232 CVE-2024-7025: Integer overflow in Layout CVE-2024-9369: Insufficient data validation in Mojo CVE-2024-9370: Inappropriate implementation in V8...

Fedora: Security Advisory (FEDORA-2024-7aba3c1531)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-452b60addf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : chromium (2024-7aba3c1531)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7aba3c1531 advisory. update to 129.0.6668.89 High CVE-2024-7025: Integer overflow in Layout High CVE-2024-9369: Insufficient data validation in Mojo High CVE-2024-9370:...

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Downloads. CVE-2024-6988 Use after free in Loader. CVE-2024-6989 Use after free in Dawn. CVE-2024-6991 Heap buffer overflow in Layout. CVE-2024-6994 Inappropriate implementation in Fullscreen. CVE-2024-6995 Race in Frames. CVE-2024-6996 Use after free in Tabs. CVE-2024-6997 Use...

The vulnerability of the gve_get_ethtool_stats() function in the Linux operating system’s Google kernel virtual network adapter driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the gvegetethtoolstats function in the drivers/net/ethernet/google/gve/gveethtool.c file of the Linux kernel’s virtual network adapter driver is related to incorrect data validation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

Chromium: CVE-2024-9369 Insufficient data validation in Mojo

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

SUSE CVE-2024-9369

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...