3839 matches found

CVE
added 2025/01/15 10:58 a.m. · 328 views

CVE-2025-0441

CVE-2025-0441 corresponds to an information-disclosure flaw in Google Chrome’s Fenced Frames implementation. Connected sources confirm the issue affects Google Chrome/Chromium, describing an inappropriate implementation in Fenced Frames that could allow a remote attacker to glean potentially sens...

6.5 CVSS · 5.9 AI score · 0.00077 EPSS
Exploits 2 · References 2 · Affected Software 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 7 views

PT-2025-1282 · Microsoft +5 · Edge +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Microsoft Edge affected versions not specified Description: The issue exists due to an inappropriate implementation of Fenced Frames in the browser, allowing a remote attacker to obtain potentiall...

9.6 CVSS · 6.1 AI score · 0.43957 EPSS
Exploits 25 · References 264

FreeBSD
added 2025/01/09 12:0 a.m. · 26 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2024-12693: Out of bounds memory access in V8 CVE-2024-12694: Use after free in Compositing CVE-2025-0436: Integer overflow in Skia CVE-2025-0437: Out of bounds read in Metrics CVE-2025-0438: Stack buffer overflo...

8.8 CVSS · 8.7 AI score · 0.02469 EPSS
Exploits 5 · References 1

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-37027

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The websocket code in curl did not update the 32-bit mask pattern for each new outgoing frame, as required by the specification. Instead, a fixed mask was used throughout the entire connection...

7.5 CVSS · 7.3 AI score · 0.00364 EPSS
Exploits 1 · References 36

Positive Technologies
added 2025/01/01 12:0 a.m. · 4 views

PT-2026-2888

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the mac80211 component related to the handling of Beacon frames. Specifically, the system does not properly discard Beacon frames sent to a...

5.5 CVSS · 5.3 AI score · 0.00016 EPSS
Exploits 0

NVD
added 2024/12/27 3:15 p.m. · 8 views

CVE-2024-56609

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have...

7.8 CVSS · 0.00013 EPSS
Exploits 0 · References 5

OSV
added 2024/12/27 3:15 p.m. · 2 views

DEBIAN-CVE-2024-56609

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have...

7.8 CVSS · 5.6 AI score · 0.00013 EPSS
Exploits 0 · References 1

OSV
added 2024/12/27 3:15 p.m. · 1 views

UBUNTU-CVE-2024-56609

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have...

7.8 CVSS · 6.2 AI score · 0.00013 EPSS
Exploits 0 · References 19

Vulnrichment
added 2024/12/27 3:2 p.m. · 1 views

CVE-2024-56648 net: hsr: avoid potential out-of-bound access in fill_frame_info()

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case...

7.5 AI score · 0.00007 EPSS
Exploits 0 · References 6

OSV
added 2024/12/27 2:51 p.m. · 11 views

CVE-2024-56609 wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have...

7.8 CVSS · 6 AI score · 0.00013 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2024/12/25 12:0 a.m. · 1 views

The vulnerability of Firefox browser, related to improper limitation of the number of user interface layers or frames displayed, allows attackers to perform spoofing attacks.

The vulnerability of Firefox browsers is related to improper limitation of the number of user interface layers or frames that can be displayed. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

9.4 CVSS · 5.5 AI score · 0.00321 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/12/16 1:53 p.m. · 11 views

BIT-NODE-MIN-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

8.2 CVSS · 6.8 AI score · 0.75933 EPSS
Exploits 1 · References 11

Github Security Blog
added 2024/12/13 8:36 p.m. · 15 views

thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames

Summary A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Details In...

7.2 CVSS · 4.8 AI score · 0.09124 EPSS
Exploits 3 · References 4 · Affected Software 1

Tenable Nessus
added 2024/12/13 12:0 a.m. · 6 views

Mozilla Thunderbird < 115.18

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-70 advisory. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and...

8.8 CVSS · 7.9 AI score · 0.00219 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/12/13 12:0 a.m. · 7 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49997)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49997 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory...

7.5 CVSS · 6.3 AI score · 0.00086 EPSS
Exploits 0 · References 2

OSSF Malicious Packages
added 2024/12/05 11:17 p.m. · 2 views

Malicious code in privy-frames-drop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7f03babad9cbb72b88a3dac7beadb5275fa4c3ab5364d435f372bf5dffbd8ee The OpenSSF Package Analysis project identified 'privy-frames-drop' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

7.2 AI score
Exploits 0

OSV
added 2024/12/05 11:17 p.m. · 4 views

MAL-2024-11249 Malicious code in privy-frames-drop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7f03babad9cbb72b88a3dac7beadb5275fa4c3ab5364d435f372bf5dffbd8ee The OpenSSF Package Analysis project identified 'privy-frames-drop' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

7.4 AI score
Exploits 0

SUSE CVE
added 2024/12/03 12:16 a.m. · 1 views

SUSE CVE-2024-53104

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format() This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in...

7.8 CVSS · 6.5 AI score · 0.18032 EPSS
Exploits 1 · References 56

OSV
added 2024/12/02 8:15 a.m. · 0 views

UBUNTU-CVE-2024-53104

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format() This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in...

7.8 CVSS · 6.3 AI score · 0.18032 EPSS
Exploits 1 · References 59

CNNVD
added 2024/12/02 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which arises from a skipped parsing of frames of type UVC_VS_UNDEFINED in the media: uvcvideo component, which is not taken...

7.8 CVSS · 7.4 AI score · 0.18032 EPSS
Exploits 1 · References 9