18 matches found
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome versions before 146.0.7680.75. The vulnerabilities are in Google Chrome's V8 engine and Skia graphics library. The vulnerability in the V8 engine allows a malicious person to execute arbitrary code within the browser's sandboxed environment via a...
CVE-2024-56327
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-19 22:29:51+00:00 | seen | https://infosec.exchange/users/cve/statuses/113681851388329044 |
| 2024-12-19 23:15:37+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ldoyum6vh72m |
| 2024-12-20 00:51:24+00:00 | seen | ... |
CVE-2024-12692
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-18 21:49:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113676028499435854 |
| 2024-12-18 22:16:24+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113676136226017385 |
| 2024-12-18 23:44:26+00:00 | seen | ... |
CVE-2024-53130
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-04 14:43:10+00:00 | seen | https://infosec.exchange/users/cve/statuses/113595081655798635 |
| 2024-12-04 16:45:40+00:00 | seen | https://t.me/cvedetector/12004... |
getPastCirculatingSupply() returns the ARB token supply instead of circulating votes supply
Lines of code Vulnerability details Bug Description In ArbitrumGovernorVotesQuorumFractionUpgradeable, the getPastCirculatingSupply function is used when calculating quorum for proposals: ArbitrumGovernorVotesQuorumFractionUpgradeable.solL31-L35 /// @notice Get "circulating" votes supply; i.e.,...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Microsoft Developer Tools. A malicious party could exploit the vulnerabilities to gain access to sensitive data, obtain elevated privileges or execute arbitrary code. To do so the malicious party must have access to a system on which the vulnerable...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page. As usual, Google has published few...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability allows a malicious party to cause a denial of service or potentially execute arbitrary code. To do so, the malicious party must induce the victim to open a rogue web page. Google indicates that exploit code is circulating f...
Improperly Skewed Governance Mechanism
Lines of code

Vulnerability details

ALR-02H: Improperly Skewed Governance Mechanism

| File | Lines | Type |
|---|---|---|
| AuraLocker.sol | L594-L609, L611-L618 | Governance Susceptibility |

Description

The balance checkpointing system exposed by the contract for governance purposes is flawed as it does...
Vulnerability fixed in Chromium-based browsers
A vulnerability has been fixed in Google Chrome. The vulnerability potentially allows a remote malicious person to execute arbitrary code under the user's privileges. Google has disclosed little information about the vulnerability. The vulnerability is in the "Portals" component, which...
Vulnerabilities fixed in Google Chrome
Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); remote code execution (user rights); access to system data. Google, as usual, is releasing few technical details abou...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Identity Services Engine (ISE). A malicious person with administrator privileges can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit...
Microsoft Internet Explorer 6.0 URL Local Resource Access Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10472/info Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Interne...
Adobe Releases Patch for Flash Bug Being Used in Targeted Attacks
Adobe has released a patch for a serious Flash vulnerability that is being used in targeted attacks right now. The updates fix the vulnerability in Windows, Mac, Linux and Android systems. There is an exploit in the wild that is targeting systems running vulnerable versions of Flash on Windows in...
Winamp 5.04 - '.wsz' Skin File Remote Code Execution
This 0day exploit is known to be circulating in the wild. There is no patch for this vulnerability - Do not use Winamp! https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/418.rar skinhead.rar - 171 Ko index.html ----------- Load.php --------- foo.wsz foo.zip...
Microsoft Internet Explorer 6 - URL Local Resource Access
source: https://www.securityfocus.com/bid/10472/info Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Internet Explorer 6 SP1. Specifically, a...
ezbounce remote format string vulnerability
A security hole exists that can be used to crash the proxy and execute arbitrary code. An exploit is circulating that takes advantage of this, and in some cases succeeds in obtaining a login shell on the machine...
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/3064/info A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can...