104 matches found

Cvelist
added 2022/02/11 11:35 p.m. | 16 views

CVE-2022-0107

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

9.4 AI score | 0.00273 EPSS
Exploits 1 | References 5

CVE
added 2022/02/11 11:35 p.m. | 113 views

CVE-2022-0107

CVE-2022-0107 describes a use-after-free in Chrome OS File Manager API, enabling heap corruption when a user installs a malicious extension via a crafted HTML page. Affected product: Google Chrome on Chrome OS (pre-97.0.4692.71). The Debian security advisory notes a fix in chromium 97.0.4692.71-0...

8.8 CVSS | 9.1 AI score | 0.00273 EPSS
Exploits 1 | References 5 | Affected Software 1

Mageia
added 2022/02/02 9:29 p.m. | 58 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...

9.6 CVSS | 8.5 AI score | 0.11727 EPSS
Exploits 21 | References 3

Microsoft CVE
added 2022/01/06 8:00 a.m. | 26 views

Chromium: CVE-2022-0107 Use after free in File Manager API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 8.8 AI score | 0.00273 EPSS
Exploits 1

Tenable Nessus
added 2022/01/06 12:00 a.m. | 64 views

Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an...

9.6 CVSS | 7.5 AI score | 0.02347 EPSS
Exploits 20 | References 59

Tenable Nessus
added 2022/01/05 12:00 a.m. | 33 views

FreeBSD : chromium -- multiple vulnerabilities (9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec advisory. - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allow...

9.6 CVSS | 7.4 AI score | 0.00779 EPSS
Exploits 19 | References 26

Tenable Nessus
added 2022/01/04 12:00 a.m. | 51 views

Google Chrome < 97.0.4692.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202201stable-channel-update-for-desktop advisory. - Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed ...

9.6 CVSS | 7.5 AI score | 0.11727 EPSS
Exploits 21 | References 51

Google Chrome Security Advisories
added 2022/01/04 12:00 a.m. | 330 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 97 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 97.0.4692.71 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

9.6 CVSS | 9 AI score | 0.11727 EPSS
Exploits 23 | Affected Software 1

NVD
added 2021/12/27 3:15 p.m. | 14 views

CVE-2021-45232

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing th...

9.8 CVSS | 0.93704 EPSS
Exploits 5 | References 2

OSV
added 2021/12/27 3:15 p.m. | 20 views

CVE-2021-45232

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing th...

9.8 CVSS | 6.9 AI score
Exploits 0 | References 2

Prion
added 2021/12/27 3:15 p.m. | 14 views

Authentication flaw

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing th...

7.5 CVSS | 9.5 AI score | 0.93704 EPSS
Exploits 5 | References 2 | Affected Software 1

Cvelist
added 2021/12/27 3:06 p.m. | 14 views

CVE-2021-45232 security vulnerability on unauthorized access.

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing th...

9.8 AI score | 0.93704 EPSS
Exploits 5 | References 2

Positive Technologies
added 2021/12/27 12:00 a.m. | 2 views

PT-2021-6081 · Apache · Apache Apisix Dashboard

Name of the Vulnerable Software and Affected Versions: Apache APISIX Dashboard versions prior to 2.10.1 Description: The issue is related to the Manager API in Apache APISIX Dashboard, which uses two frameworks, gin and droplet. While all APIs and authentication middleware are developed based on...

9.8 CVSS | 9.3 AI score | 0.93704 EPSS
Exploits 5 | References 18

Tenable Nessus
added 2021/11/17 12:00 a.m. | 35 views

Oracle Linux 8 : squid:4 (ELSA-2021-4292)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4292 advisory. libecap squid 7:4.15-1 - new version 4.15 - Resolves: 1964384 - squid:4 rebase to 4.15 7:4.11-5 - Resolves: 1944261 - CVE-2020-25097 squid:4/squid:...

8.6 CVSS | 6.7 AI score | 0.85178 EPSS
Exploits 5 | References 8

Tenable Nessus
added 2021/09/24 12:00 a.m. | 60 views

Oracle Linux 7 : squid (ELSA-2021-9465)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9465 advisory. - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manag...

7.5 CVSS | 6.7 AI score | 0.85178 EPSS
Exploits 5 | References 7

Tenable Nessus
added 2021/06/15 12:00 a.m. | 24 views

Debian DLA-2685-1 : squid3 security update

Several vulnerabilities were discovered in Squid, a proxy caching server. CVE-2021-28651 Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology tha...

7.5 CVSS | 6.8 AI score | 0.85178 EPSS
Exploits 5 | References 9

OSV
added 2021/06/08 4:46 p.m. | 9 views

MGASA-2021-0237 Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls CVE-2020-25097...

8.6 CVSS | 6.7 AI score | 0.85178 EPSS
Exploits 5 | References 12

OSV
added 2021/06/03 4:24 p.m. | 2 views

USN-4981-1 squid, squid3 vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. CVE-2021-28651 Joshua Rogers discovered that Squid incorrectly handled requests to the Cache...

7.5 CVSS | 6.7 AI score | 0.85178 EPSS
Exploits 5 | References 8

Tenable Nessus
added 2021/06/03 12:00 a.m. | 27 views

Ubuntu 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4981-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4981-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cau...

7.5 CVSS | 6.7 AI score | 0.85178 EPSS
Exploits 5 | References 8

OSV
added 2021/05/27 12:15 p.m. | 22 views

CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

4.9 CVSS | 6.5 AI score
Exploits 0 | References 8