7 matches found
EUVD-2024-3276
Malicious code in bioql PyPI...
CVE-2024-52291
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file...
CVE-2024-52291
CraftCMS has a local file system validation bypass flaw (CVE-2024-52291) that can be triggered by a double file:// scheme to point the base filesystem at sensitive folders. The root cause stems from FileHelper::normalizePath only removing a leading file://, enabling bypass when a second file:// i...
Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files a...
DEBIAN-CVE-2022-3656
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
OPENSUSE-SU-2022:10180-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 107.0.5304.87 (boo1204819): CVE-2022-3723: Type Confusion in V8; Chromium 107.0.5304.68 (boo1204732): CVE-2022-3652: Type Confusion in V8; CVE-2022-3653: Heap buffer overflow in Vulkan; CVE-2022-3654: Use after free in Layout; CVE-2022-3655: Hea...
USN-5377-1: Linux kernel (BlueField) vulnerabilities
It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055) Yiqi Sun and Kevin Wang discovered that the...