Astra Linux - уязвимость в chromium

The use of frames with free in Google Chrome before version 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of after-free in Frames in Google Chrome before version 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Fedora 42 : chromium (2026-583eef79a8)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-583eef79a8 advisory. Update to 145.0.7632.75 CVE-2026-2441: Use after free in CSS CVE-2026-2313: Use after free in CSS CVE-2026-2314: Heap buffer overflow in Codecs...

CVE-2025-62813

LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4FcreateCDictadvanced in lib/lz4frame.c mishandles NULL checks...

EUVD-2022-42616

Malicious code in bioql PyPI...

EUVD-2022-15463

Malicious code in bioql PyPI...

RLSA-2024:4252 Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS CVE-2024-28182 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from a security issue with Frames. An attacker can exploit the vulnerability to execute arbitrary code on the system...

CVE-2024-20354

Summary: CVE-2024-20354 affects Cisco Aironet Access Point (AP) Software. The vulnerability stems from incomplete cleanup of resources when dropping certain malformed encrypted wireless frames, allowing an unauthenticated, adjacent attacker (wireless client) to cause degradation of service or a p...

Design/Logic Flaw

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 V4.7.0 and prior...

DEBIAN-CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2020-26141

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check authenticity of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the...

CVE-2012-2280

EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."...

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames...

CVE-2008-3456

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack...

CVE-2002-1187

Cross-site scripting vulnerability XSS in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource...

CVE-2002-1151

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains...