5839 matches found

Microsoft CVE
added 2022/10/27 6:6 p.m. | 48 views

Chromium: CVE-2022-3661 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 4.3 | AI score 6 | EPSS 0.00421
Exploits: 0
Microsoft CVE
added 2022/10/27 6:5 p.m. | 33 views

Chromium: CVE-2022-3656 Insufficient data validation in File System

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 8.5 | EPSS 0.01659
Exploits: 0
Veracode
added 2022/10/27 6:47 a.m. | 35 views

Arbitrary Code Execution

badaso/core is vulnerable to arbitrary code executions. The vulnerability is due to the application not properly validating the data uploaded by users which allows an attacker to perform arbitrary code execution...

CVSS 9.8 | AI score 9.4 | EPSS 0.01551
Exploits: 1 | References: 5 | Affected Software: 1
WPVulnDB
added 2022/10/27 12:0 a.m. | 17 views

Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection. PoC: Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...

CVSS 9.8 | AI score 1.3 | EPSS 0.03617
Exploits: 2 | Affected Software: 1
CNVD
added 2022/10/27 12:0 a.m. | 31 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...

CVSS 4.3 | AI score 3.3 | EPSS 0.00421
Exploits: 0 | References: 1
CNVD
added 2022/10/27 12:0 a.m. | 34 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...

CVSS 8.8 | AI score 3.3 | EPSS 0.01659
Exploits: 0 | References: 1
Tenable Nessus
added 2022/10/27 12:0 a.m. | 38 views

Debian DSA-5261-1 : chromium - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5261 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...

CVSS 8.8 | AI score 7.7 | EPSS 0.23798
Exploits: 3 | References: 23
Tenable Nessus
added 2022/10/27 12:0 a.m. | 91 views

Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory. - Type Confusion in V8. CVE-2022-3652 - Heap buffer overflow in Vulkan. CVE-2022-3653 - Use after fr...

CVSS 8.8 | AI score 7.5 | EPSS 0.23798
Exploits: 2 | References: 17
OSV
added 2022/10/26 12:0 p.m. | 15 views

GHSA-FWVC-9XHJ-26V5 Badaso vulnerable to Remote Code Execution via malicious file upload

Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

CVSS 9.8 | AI score 9.8 | EPSS 0.01551
Exploits: 1 | References: 5
NVD
added 2022/10/25 9:15 p.m. | 15 views

CVE-2022-41711

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

CVSS 9.8 | EPSS 0.01551
Exploits: 1 | References: 2
OSV
added 2022/10/25 9:15 p.m. | 15 views

CVE-2022-41711

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

CVSS 9.8 | AI score 9.8
Exploits: 0 | References: 2
Veracode
added 2022/10/25 6:53 a.m. | 29 views

Denial Of Service (DoS)

github.com/fluxcd is vulnerable to Denial of Service. The vulnerability exists due to the lack of data fields validation in the metav1.Duration parameter in multiple fluxcd repositories which allows an attacker to cause an application crash...

CVSS 5 | AI score 5 | EPSS 0.00606
Exploits: 0 | References: 8 | Affected Software: 7
Cvelist
added 2022/10/25 12:0 a.m. | 21 views

CVE-2022-41711

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

AI score 10 | EPSS 0.01551
Exploits: 1 | References: 2
CNNVD
added 2022/10/25 12:0 a.m. | 3 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...

CVSS 8.8 | AI score 8.5 | EPSS 0.01659
Exploits: 0 | References: 7
Vulnrichment
added 2022/10/25 12:0 a.m. | 6 views

CVE-2022-41711

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

AI score 9.8 | EPSS 0.01551
Exploits: 1 | References: 2
CVE
added 2022/10/25 12:0 a.m. | 74 views

CVE-2022-41711

CVE-2022-41711 affects Badaso core (v2.6.0). An unauthenticated attacker can execute arbitrary code on the server due to improper validation of user-uploaded data. Public disclosures in multiple feeds (e.g., Red Hat, Veracode, GHSA) describe remote code execution via malicious file uploads, with ...

CVSS 9.8 | AI score 9.8 | EPSS 0.01551
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2022/10/25 12:0 a.m. | 74 views

FreeBSD : chromium -- multiple vulnerabilities (b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec advisory. - Type Confusion in V8. CVE-2022-3652 - Heap buffer overflow in Vulkan. CVE-2022-3653 - Use...

CVSS 8.8 | AI score 7.8 | EPSS 0.23798
Exploits: 3 | References: 12
Google Chrome Security Advisories
added 2022/10/25 12:0 a.m. | 136 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 107 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 107.0.5304.62 for Mac, 107.0.5304.68 for linux and 107.0.5304.62/63 Windows contains a number of fixes and improvements -- a...

CVSS 8.8 | AI score 8.6 | EPSS 0.23798
Exploits: 6 | Affected Software: 1
FreeBSD
added 2022/10/25 12:0 a.m. | 47 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 14 security fixes, including: 1369871 High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 1354271 High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park SeHwa on 2022-08-19...

CVSS 8.8 | AI score 0.6 | EPSS 0.23798
Exploits: 3 | References: 1
BDU FSTEC
added 2022/10/24 12:0 a.m. | 4 views

The vulnerability of the InnoDB component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the InnoDB component in the MySQL Database Management System exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 4.6 | AI score 6.3 | EPSS 0.00426
Exploits: 0 | References: 3 | Affected Software: 1