378 matches found
Microsoft Edge (Chromium) < 130.0.2849.68 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 130.0.2849.68. It is, therefore, affected by multiple vulnerabilities as referenced in the October 31, 2024 advisory. - Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to...
PT-2024-9138 · Cisco · Cisco ASA +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software, affected versions not specified; Cisco Firepower Threat Defense (FTD) Software, affected versions not specified. Description: The issue is related to a logic error in populating group access control...
USN-7079-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
PT-2024-7275 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.69; Microsoft Edge, affected versions not specified. Description: The issue is related to an inappropriate implementation in Extensions, allowing a remote attacker to bypass site isolation via a crafted...
Adobe Audition AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI...
Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
FFmpeg load_input_picture buffer overflow vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in FFmpeg version 7.0, which stems from a boundary error in load_input_picture in libavcodec/mpegvideo_enc.c:1216:21 when handling untrusted input. A...
PT-2024-4239 · Google +6 · Google Chrome +6
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.54; Microsoft Edge, affected versions not specified. Description: The issue is related to an inappropriate implementation in the Memory Allocator component of Google Chrome and Microsoft Edge browsers,...
CVE-2024-20363
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker coul...
CVE-2023-44411
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exist...
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to...
Foxit PDF Reader AcroForm Doc Memory Misreference Vulnerability
Foxit PDF Reader is a free and compact PDF document reader and printer. A security vulnerability exists in Foxit PDF Reader AcroForm Doc, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the application or execute...
PT-2023-8962 · Unknown +10 · Xorg-Server +10
Name of the Vulnerable Software and Affected Versions: xorg-server, affected versions not specified. Description: A flaw was found in xorg-server, where a specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow, potentially leading to the...
PT-2023-6867 · Unknown +1 · V-Server Lite +1
Name of the Vulnerable Software and Affected Versions: V-Server versions 4.0.18.0 and earlier; V-Server Lite versions 4.0.18.0 and earlier. Description: The issue is related to an out-of-bounds read vulnerability. This can be exploited by a remote attacker using a specially crafted file, potentiall...
CVE-2023-0773 Unauthorized Access Control Vulnerability in Uniview IP Camera
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerabili...
PT-2023-5005 · 3S Smart Software Solutions · Codesys
Name of the Vulnerable Software and Affected Versions: Codesys products, affected versions not specified. Description: The issue is related to insufficient input validation in the CmpAppForce component of Codesys products. After successful user authentication, an attacker can send crafted network...
PT-2023-3712 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98. Description: The issue is related to an inappropriate implementation in Web API Permission Prompts in Google Chrome, which may allow a remote attacker to obfuscate security UI via a crafted HTML...
PT-2023-1280 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos versions prior to 19.4R3-S9; Junos versions 20.2 prior to 20.2R3-S6; Junos versions 20.3 prior to 20.3R3-S6; Junos versions 20.4 prior to 20.4R3-S5; Junos versions 21.1 prior to 21.1R3-S4; Junos versions 21.2 prior to 21.2R3-S3; Junos version...
CVE-2022-4174
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-3885
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...