
5860 matches found

OSV
added 2024/10/10 10:11 p.m. · 11 views

GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allow_custom_value parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...

6.9 CVSS · 7.4 AI score
Exploits: 0 · References: 2
Github Security Blog
added 2024/10/10 10:11 p.m. · 17 views

Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allow_custom_value parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...

7.4 AI score
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/10/10 10:3 p.m. · 7 views

GHSA-4Q3C-CJ7G-JCWF Gradio has several components with post-process steps allow arbitrary file leaks

Impact What kind of vulnerability is it? Who is impacted? This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...

6.9 CVSS · 7.5 AI score · 0.00804 EPSS
Exploits: 1 · References: 4
Github Security Blog
added 2024/10/10 10:3 p.m. · 26 views

Gradio has several components with post-process steps allow arbitrary file leaks

Impact What kind of vulnerability is it? Who is impacted? This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...

7.5 CVSS · 6.7 AI score · 0.00804 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2024/10/10 6:15 p.m. · 12 views

CVE-2024-47962

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...

8.4 CVSS · 0.03407 EPSS
Exploits: 0 · References: 1
NVD
added 2024/10/10 6:15 p.m. · 8 views

CVE-2024-47963

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

8.4 CVSS · 0.00275 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/10/10 5:15 p.m. · 14 views

CVE-2024-47963 Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

8.4 CVSS · 0.00275 EPSS
Exploits: 0 · References: 1
CVE
added 2024/10/10 5:15 p.m. · 58 views

CVE-2024-47963

Delta Electronics CNCSoft-G2 contains a DPAX file parsing flaw that can cause an out-of-bounds write, enabling remote code execution. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and affects DPAX parsing logic; exploitation leads to code exec...

8.4 CVSS · 7.7 AI score · 0.00275 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/10 12:0 a.m. · 4 views

PT-2024-40012 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is a data validation problem in the Gradio Dropdown component's pre-processing step. It allows attackers to bypass input constraints by sending custom requests with arbitrary values, even...

6.9 CVSS · 7.4 AI score
Exploits: 0 · References: 3
SUSE CVE
added 2024/10/09 3:41 a.m. · 8 views

SUSE CVE-2023-2314

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS · 8.6 AI score · 0.003 EPSS
Exploits: 1 · References: 3
Tenable Nessus
added 2024/10/09 12:0 a.m. · 19 views

CentOS 6 : chromium-browser (RHSA-2020:2544)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. - Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to...

9.6 CVSS · 7.4 AI score · 0.06414 EPSS
Exploits: 13 · References: 31
Tenable Nessus
added 2024/10/09 12:0 a.m. · 26 views

CentOS 6 : chromium-browser (RHSA-2020:4206)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4206 advisory. - Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access...

9.6 CVSS · 7.4 AI score · 0.03416 EPSS
Exploits: 6 · References: 8
Tenable Nessus
added 2024/10/09 12:0 a.m. · 28 views

CentOS 6 : chromium-browser (RHSA-2020:4235)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4235 advisory. - Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTM...

8.8 CVSS · 8.2 AI score · 0.02553 EPSS
Exploits: 4 · References: 28
Tenable Nessus
added 2024/10/09 12:0 a.m. · 25 views

CentOS 6 : chromium-browser (RHSA-2020:1970)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1970 advisory. - Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a...

8.8 CVSS · 7.9 AI score · 0.02888 EPSS
Exploits: 1 · References: 5
Tenable Nessus
added 2024/10/09 12:0 a.m. · 25 views

CentOS 6 : chromium-browser (RHSA-2020:3723)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3723 advisory. - Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a...

9.3 CVSS · 7.3 AI score · 0.02296 EPSS
Exploits: 3 · References: 14
OpenVAS
added 2024/10/08 12:0 a.m. · 15 views

openSUSE Security Advisory (openSUSE-SU-2024:0327-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS · 9.2 AI score · 0.00592 EPSS
Exploits: 1 · References: 3
OSV
added 2024/10/07 9:7 a.m. · 14 views

OPENSUSE-SU-2024:0327-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 129.0.6668.89 stable released 2024-09-24 boo1231232 CVE-2024-7025: Integer overflow in Layout CVE-2024-9369: Insufficient data validation in Mojo CVE-2024-9370: Inappropriate implementation in V8...

9.6 CVSS · 9.1 AI score · 0.00592 EPSS
Exploits: 1 · References: 5
OpenVAS
added 2024/10/07 12:0 a.m. · 20 views

Fedora: Security Advisory (FEDORA-2024-7aba3c1531)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS · 8.6 AI score · 0.05811 EPSS
Exploits: 5 · References: 8
OpenVAS
added 2024/10/07 12:0 a.m. · 16 views

Fedora: Security Advisory (FEDORA-2024-452b60addf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS · 8.6 AI score · 0.05811 EPSS
Exploits: 5 · References: 8
Tenable Nessus
added 2024/10/06 12:0 a.m. · 20 views

Fedora 39 : chromium (2024-7aba3c1531)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7aba3c1531 advisory. update to 129.0.6668.89 High CVE-2024-7025: Integer overflow in Layout High CVE-2024-9369: Insufficient data validation in Mojo High CVE-2024-9370:...

9.6 CVSS · 8 AI score · 0.05811 EPSS
Exploits: 5 · References: 10