5860 matches found
GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
GHSA-4Q3C-CJ7G-JCWF Gradio has several components with post-process steps allow arbitrary file leaks
Impact What kind of vulnerability is it? Who is impacted? This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...
Gradio has several components with post-process steps allow arbitrary file leaks
Impact What kind of vulnerability is it? Who is impacted? This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...
CVE-2024-47962
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...
CVE-2024-47963
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...
CVE-2024-47963 Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...
CVE-2024-47963
Delta Electronics CNCSoft-G2 contains a DPAX file parsing flaw that can cause an out-of-bounds write, enabling remote code execution. The vulnerability requires user interaction (visiting a malicious page or opening a malicious file) and affects DPAX parsing logic; exploitation leads to code exec...
PT-2024-40012 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is a data validation problem in the Gradio Dropdown component's pre-processing step. It allows attackers to bypass input constraints by sending custom requests with arbitrary values, even...
SUSE CVE-2023-2314
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CentOS 6 : chromium-browser (RHSA-2020:2544)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2544 advisory. - Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to...
CentOS 6 : chromium-browser (RHSA-2020:4206)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4206 advisory. - Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access...
CentOS 6 : chromium-browser (RHSA-2020:4235)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4235 advisory. - Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTM...
CentOS 6 : chromium-browser (RHSA-2020:1970)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1970 advisory. - Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a...
CentOS 6 : chromium-browser (RHSA-2020:3723)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3723 advisory. - Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a...
openSUSE Security Advisory (openSUSE-SU-2024:0327-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:0327-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 129.0.6668.89 stable released 2024-09-24 boo1231232 CVE-2024-7025: Integer overflow in Layout CVE-2024-9369: Insufficient data validation in Mojo CVE-2024-9370: Inappropriate implementation in V8...
Fedora: Security Advisory (FEDORA-2024-7aba3c1531)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-452b60addf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : chromium (2024-7aba3c1531)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7aba3c1531 advisory. update to 129.0.6668.89 High CVE-2024-7025: Integer overflow in Layout High CVE-2024-9369: Insufficient data validation in Mojo High CVE-2024-9370:...