422 matches found
PT-2024-6290 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Description: The issue is related to insufficient policy enforcement in Data Transfer, allowing a remote attacker to leak cross-origin data via a crafted HTML page if the user engages in specific ...
ROS-20240815-08
Vulnerability in the ANGLE component of Google Chrome browser is related to out-of-bounds recording. Exploitation of the of the vulnerability could allow an attacker acting remotely to exploit the heap corruption with a a specially crafted HTML page V8 JavaScript script handler V8 vulnerability i...
Microsoft Edge (Chromium) < 126.0.2592.68 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.68. It is, therefore, affected by multiple vulnerabilities as referenced in the June 20, 2024 advisory. - Microsoft Edge Chromium-based Spoofing Vulnerability CVE-2024-38082, CVE-2024-38093 - Type Confusion ...
Google Chrome Code Execution Vulnerability (CNVD-2024-26520)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...
Google Chrome Code Execution Vulnerability (CNVD-2024-26521)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...
Cross-Site Scripting
github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of user-controlled outputs when generating HTML pages. This flaw allows an attacker to execute scripts in the context of another user's browser session...
PT-2024-2642 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.58 Description: The issue is related to incorrect security UI in Google Chrome, allowing a remote attacker to perform UI spoofing via a crafted HTML page. This can be achieved by exploiting the...
Use After Free
chromium is vulnerable to Use After Free.The vulnerability is due to improper handling of memory when processing crafted HTML pages, leading to potential heap corruption...
CVE-2024-2445 Reflected XSS in Mattermost Jira plugin
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...
CVE-2024-2445 Reflected XSS in Mattermost Jira plugin
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...
Fedora 39 : chromium (2024-9ce64d8940)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9ce64d8940 advisory. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 Tenable has extracted the...
Cross Site Scripting (XSS)
@tanstack/react-query-next-experimental is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the id variable within the createHydrationStreamProvider method, which allows an attacker to inject arbitrary JavaScript when react-query-next-experimental preforms...
Cross Site Scripting (XSS)
@apollo/experimental-nextjs-app-support is vulnerable to Cross Site Scripting XSS. The vulnerability due to improper sanitization during server-side rendering of HTML pages, which allows an attacker to perform XSS...
GHSA-997G-27X8-43RF react-query-streamed-hydration Cross-site Scripting vulnerability
Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A numeric error vulnerability exists in versions prior to Google Chrome 120.0.6099.216, which stems from insufficient data validation. An attacker can exploit the vulnerability to install malicious extensions via specially crafted...
Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had...
PT-2023-6540 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.117 Microsoft Edge versions prior to 118.0.5993.117 Description: The issue is related to a use after free in the Profiles component, which can be exploited by a remote attacker using a crafted HTML...
PT-2023-5912 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.70 Description: The issue is related to an inappropriate implementation in the Input component of Google Chrome, which allowed a remote attacker to spoof security UI via a crafted HTML page. This cou...
libvpx: crash related to VP9 encoding in libvpx
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...