CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
CVE-2023-39956 Electron: Out-of-package code execution when launched with arbitrary cwd
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...
CVE-2023-39956
CVE-2023-39956 affects Electron: out-of-package code execution when an Electron app is launched as a command-line executable with an attacker-controlled working directory and the ability to write files there. Impact is described as low risk by threat-models, but higher due to bypassing protection...
penettings.com Cross Site Scripting vulnerability OBB-3651012
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2686)
The remote host is missing an update for the Huawei EulerOS...
Regular Expression Denial Of Service (ReDoS)
@adobe/css-tools is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in index.ts due to improper input validation, which allows an attacker to cause an application slowdown when parsing CSS...
FreeBSD : electron25 -- multiple vulnerabilities (970dcbe0-a947-41a4-abe9-7aaba87f41fe)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 970dcbe0-a947-41a4-abe9-7aaba87f41fe advisory. - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote...
FreeBSD : electron22 -- multiple vulnerabilities (579c7489-c23d-454a-b0fc-ed9d80ea46e0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 579c7489-c23d-454a-b0fc-ed9d80ea46e0 advisory. - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote...
Out-Of-Bounds Memory Access
Google Chrome is vulnerable to Out-Of-Bounds Memory Access. The vulnerability exists in the CSS, which allows an attacker to perform an out of bounds memory read via a maliciously crafted HTML page...
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0237-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0237-1 advisory. - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read vi...
@bitfoot/theme-ngx-globular (>=0.1.1 <=0.1.15), @dashkite/genie-pug (>=0.1.0 <=0.7.14) +42 more potentially affected by CVE-2023-26364 via @adobe/css-tools (>=4.2.0 <=4.3.0-rc.1)
@adobe/css-tools NPM version =4.2.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.26, =3.2.0, =3.1.0, =0.1.0, =0.0.1, =0.0.3, =7.5.3, =7.5.5 - @parker-industries/tensile-ui =0.0.1 and more Source cves: CVE-2023-26364 Source advisory: OSV:GHSA-HPX4-R86G-5JRG...
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Impact: @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.1. Workarounds: None. References: N/A...
GHSA-HPX4-R86G-5JRG @adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Impact: @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.1. Workarounds: None. References: N/A...
Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory. - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741) - Out of bounds...
aporia.it Cross Site Scripting vulnerability OBB-3617269
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Chromium: CVE-2023-4428: Out of bounds memory access in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2023-4428
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
FreeBSD : chromium -- multiple vulnerabilities (5fa332b9-4269-11ee-8290-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5fa332b9-4269-11ee-8290-a8a1599412c6 advisory. - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote...
CVE-2023-4428
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...