DEBIAN-CVE-2025-6556
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2025-6556
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient policy enforcement in the Loader component, which can be exploited by an attacker to bypass content security policies...
Google Chrome < 138.0.7204.49 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 138.0.7204.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 202506stable-channel-update-for-desktop24 advisory. - Insufficient data validation in DevTools in Google Chrome on Windows prior t...
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to prototype pollution due to webpack loader-utils (CVE-2022-37601)
Summary: Potential vulnerabilities in the webpack loader-utils module have been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2022-37601 DESCRIPTION: Prototype pollution vulnerability in function parseQuery in parseQuery....
The vulnerability of the UFS loader component of the Grub2 operating system allows a hacker to trigger a service failure.
The vulnerability of the UFS loader component in operating systems like Grub relates to writing beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the hfs loader component in Grub2 operating systems allows a hacker to trigger a service failure.
The vulnerability of the hfs loader component in the Grub operating system is related to writing beyond the boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the gettext loader component in the Grub2 operating system allows a hacker to execute arbitrary code.
The vulnerability of the gettext loader component in the Grub operating system is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
SUSE CVE-2022-49951
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister. In the following code within firmware_upload_unregister, the call to device_unregister could result in the dev_release function freeing the fw_upload_priv structure before it is...
SUSE CVE-2022-50069
In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf. The bpf_sys_bpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case the argument union bpf_attr pointer as well as the insn...
The vulnerability of the PackLinuxElf64::un_DT_INIT() function in the src/p_lx_elf.cpp file of the UPX executable file loader allows an attacker to cause a service failure.
The vulnerability of the PackLinuxElf64::un_DT_INIT function in the src/p_lx_elf.cpp file of the UPX executable file loader is related to buffer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINECLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based...
CVE-2022-49951
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister. In the following code within firmware_upload_unregister, the call to device_unregister could result in the dev_release function freeing the fw_upload_priv structure before it is...
DEBIAN-CVE-2022-49951
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister. In the following code within firmware_upload_unregister, the call to device_unregister could result in the dev_release function freeing the fw_upload_priv structure before it is...
DEBIAN-CVE-2022-49949
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload. In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register. This data needs to be freed in fw_dev_release. Create a new fw_upload_free...
UBUNTU-CVE-2022-49949
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload. In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register. This data needs to be freed in fw_dev_release. Create a new fw_upload_free...
UBUNTU-CVE-2022-50105
In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader. of_find_node_by_path returns remote device nodepointer with refcount incremented, we should use of_node_put on it when done. Add missing of_node_put to avoid refcount leak...
CVE-2022-50105 powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader. of_find_node_by_path returns remote device nodepointer with refcount incremented, we should use of_node_put on it when done. Add missing of_node_put to avoid refcount leak...
CVE-2022-49951 firmware_loader: Fix use-after-free during unregister
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister. In the following code within firmware_upload_unregister, the call to device_unregister could result in the dev_release function freeing the fw_upload_priv structure before it is...