1225 matches found

Veracode
added 2023/08/07 12:36 a.m. | 27 views

Bypassing Install Dialog

chromium is vulnerable to Bypassing Install Dialog. The vulnerability exists due to the inappropriate implementation in WebApp Installs of the library, which allows an attacker to convince a user to install a malicious web app to bypass the install dialog via a maliciously crafted HTML page...

8.8 CVSS | 6.6 AI score | 0.00681 EPSS
Exploits 0 | References 8 | Affected Software 1

Veracode
added 2023/08/06 7:12 a.m. | 27 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in WebApp Installs, which allows an attacker to spoof the contents of the Omnibox URL bar via a maliciously crafted HTML page...

4.3 CVSS | 6.5 AI score | 0.00574 EPSS
Exploits 1 | References 5 | Affected Software 1

NVD
added 2023/08/01 11:15 p.m. | 12 views

CVE-2023-3733

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS | 4.4 AI score | 0.00574 EPSS
Exploits 1 | References 4

OSV
added 2023/08/01 11:15 p.m. | 1 views

DEBIAN-CVE-2023-3733

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS | 4.8 AI score | 0.00574 EPSS
Exploits 1 | References 1

Cvelist
added 2023/08/01 10:39 p.m. | 29 views

CVE-2023-3733

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

5.3 AI score | 0.00574 EPSS
Exploits 1 | References 4

CVE
added 2023/08/01 10:39 p.m. | 155 views

CVE-2023-3733

CVE-2023-3733 affects Google Chrome/Chromium: Inappropriate implementation in WebApp Installs can allow a crafted HTML page to spoof the Omnibox contents. The issue is fixed in Chrome/Chromium around 115.0.5790.98 (and later, e.g., 115.0.5790.99 per update notes); Debian and other advisories conf...

4.3 CVSS | 4.7 AI score | 0.00574 EPSS
Exploits 1 | References 4 | Affected Software 1

Debian CVE
added 2023/08/01 10:39 p.m. | 24 views

CVE-2023-3733

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS | 4.9 AI score | 0.00574 EPSS
Exploits 1

CNVD
added 2023/07/30 12:0 a.m. | 30 views

Apache Jackrabbit Code Execution Vulnerability

Apache Jackrabbit is a content repository from Apache USA. A code execution vulnerability exists in Apache Jackrabbit Webapp/Standalone, which stems from the component commons-beanutils failing to properly filter special elements of constructed snippets. An attacker could exploit the vulnerabilit...

9.8 CVSS | 7.8 AI score | 0.02657 EPSS
Exploits 0 | References 1

vulnersOsv
added 2023/07/28 3:30 p.m. | 2 views

cn.sinapp.meutils:me-utils (=1.0), com.gnizr:gnizr-robot (=2.4.0-M4) +40 more potentially affected by CVE-2023-39022 via opensymphony:oscore (>=2.2.4 <=2.2.6)

opensymphony:oscore MAVEN version =2.2.4, =2.0, =2.1.5, =1.1.1, =1.1.3, =1.2, =1.2.3 and more Source cves: CVE-2023-39022 Source advisory: OSV:GHSA-859M-2PFX-FWHF...

9.8 CVSS | 7.2 AI score | 0.00987 EPSS
Exploits 1

Tenable Nessus
added 2023/07/27 12:0 a.m. | 31 views

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0193-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0193-1 advisory. - Use after free in WebRTC. CVE-2023-3727, CVE-2023-3728 - Use after free in Tab Groups. CVE-2023-3730 - Out of bounds memory access in Mojo...

8.8 CVSS | 7.1 AI score | 0.01002 EPSS
Exploits 9 | References 24

vulnersOsv
added 2023/07/25 3:30 p.m. | 3 views

org.apache.jackrabbit:jackrabbit-standalone (>=1.5.0 <=1.6.5), org.apache.jackrabbit:jackrabbit-standalone-components (>=2.19.2 <=2.20.10) potentially affected by CVE-2023-37895 via org.apache.jackrabbit:jackrabbit-webapp (>=1.5.0 <=2.20.10)

org.apache.jackrabbit:jackrabbit-webapp MAVEN version =1.5.0, =1.5.0, =2.19.2, =2.20.10 Source cves: CVE-2023-37895 Source advisory: OSV:GHSA-Q8CM-3V62-JJ79...

9.8 CVSS | 7.2 AI score | 0.02657 EPSS
Exploits 0

NVD
added 2023/07/25 3:15 p.m. | 18 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8 CVSS | 10 AI score | 0.02657 EPSS
Exploits 0 | References 4

OSV
added 2023/07/25 3:15 p.m. | 22 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8 CVSS | 10 AI score
Exploits 0 | References 4

UbuntuCve
added 2023/07/25 3:15 p.m. | 31 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8 CVSS | 7.6 AI score | 0.02657 EPSS
Exploits 0 | References 6

Prion
added 2023/07/25 3:15 p.m. | 29 views

Deserialization of untrusted data

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

7.5 CVSS | 10 AI score | 0.02657 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2023/07/25 2:2 p.m. | 103 views

CVE-2023-37895

Summary: CVE-2023-37895 affects Apache Jackrabbit Webapp/Standalone via an unsafe deserialization in the commons-beanutils component, enabling remote code execution over RMI. Affected RMIs include versions up to 2.20.10 (stable) and 2.21.17 (unstable). Impact: potential remote code execution with...

9.8 CVSS | 10 AI score | 0.02657 EPSS
Exploits 0 | References 4 | Affected Software 1

Debian CVE
added 2023/07/25 2:2 p.m. | 74 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8 CVSS | 10 AI score | 0.02657 EPSS
Exploits 0

BDU FSTEC
added 2023/07/25 12:0 a.m. | 1 views

The vulnerability of the WebApp Installs component of Google Chrome allows a perpetrator to access confidential information.

The vulnerability of Google Chrome browser’s WebApp installations is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

7.8 CVSS | 5.4 AI score | 0.00574 EPSS
Exploits 1 | References 9 | Affected Software 5

Microsoft CVE
added 2023/07/21 7:0 a.m. | 31 views

Chromium: CVE-2023-3733 Inappropriate implementation in WebApp Installs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3 CVSS | 6 AI score | 0.00574 EPSS
Exploits 1

Tenable Nessus
added 2023/07/21 12:0 a.m. | 57 views

Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. - Microsoft Edge Chromium-based Spoofing Vulnerability CVE-2023-35392 - Microsoft Edg...

8.8 CVSS | 6.4 AI score | 0.01002 EPSS
Exploits 9 | References 29