
3903 matches found

Cvelist
added 2024/08/06 3:37 p.m. · 20 views

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00365
Exploits 0 · References 2
Vulnrichment
added 2024/08/06 3:37 p.m. · 20 views

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.9 · EPSS 0.00365
Exploits 0 · References 2
Debian CVE
added 2024/08/06 3:37 p.m. · 15 views

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 3.1 · AI score 6 · EPSS 0.00365
Exploits 0
AlpineLinux
added 2024/08/06 3:37 p.m. · 13 views

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 3.1 · AI score 6.1 · EPSS 0.00365
Exploits 0
Amazon
added 2024/08/06 12:0 a.m. · 3 views

Medium: thunderbird

Issue Overview: A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above CVE-2023-6349 Affected Packages: thunderbird Note:...

CVSS 7.5 · AI score 7.3 · EPSS 0.00368
Exploits 1
Amazon
added 2024/08/06 12:0 a.m. · 5 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 9.8 · AI score 6.8 · EPSS 0.91969
Exploits 1
Positive Technologies
added 2024/08/05 12:0 a.m. · 4 views

PT-2024-18882 · Qualcomm · Snapdragon +170

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves information disclosure when handling beacon or probe response frames in a Station (STA). No details are provided about the estimated...

CVSS 7.5 · AI score 6.5 · EPSS 0.00263
Exploits 0 · References 3
FreeBSD
added 2024/08/05 12:0 a.m. · 30 views

qt5-webengine -- Multiple vulnerabilities

Backports for 6 security bugs in Chromium: CVE-2024-5496: Use after free in Media Session CVE-2024-5846: Use after free in PDFium CVE-2024-6291: Use after free in Swiftshader CVE-2024-6989: Use after free in Loader CVE-2024-6996: Race in Frames CVE-2024-7536: Use after free in WebAudio...

CVSS 8.8 · AI score 7.9 · EPSS 0.00819
Exploits 2 · References 1
Positive Technologies
added 2024/08/05 12:0 a.m. · 5 views

PT-2024-18888 · Qualcomm · Snapdragon +122

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves information disclosure when handling beacon probe frames during scan entry generation on the client side. Recommendations: At the...

CVSS 7.5 · AI score 6.4 · EPSS 0.00263
Exploits 0 · References 3
Positive Technologies
added 2024/08/05 12:0 a.m. · 4 views

PT-2024-25071 · Qualcomm · Snapdragon +155

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a transient Denial of Service (DOS) that occurs while parsing probe response and association response frames. This happens when th...

CVSS 7.5 · AI score 6.5 · EPSS 0.0028
Exploits 0 · References 4
RedHat Linux
added 2024/07/31 10:23 a.m. · 4 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS 7.5 · AI score 7.2 · EPSS 0.91969
Exploits 1 · References 7
RedHat Linux
added 2024/07/31 10:20 a.m. · 5 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS 7.5 · AI score 7.2 · EPSS 0.91969
Exploits 1 · References 7
BDU FSTEC
added 2024/07/31 12:0 a.m. · 8 views

The vulnerability of the Frames component in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.

The vulnerability of the Frames component in Google Chrome and Microsoft Edge is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 8.8 · AI score 6.9 · EPSS 0.00365
Exploits 0 · References 10 · Affected Software 5
OSV
added 2024/07/29 4:15 p.m. · 11 views

AZL-47207 CVE-2024-42083 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp doesn't handle multi-buffer packets properly for XDP_TX and XDP_REDIRECT. When a jumbo frame is received, the ionic_run_xdp first makes xdp frame with al...

CVSS 5.5 · AI score 6.8 · EPSS 0.0021
Exploits 0 · References 1
OSV
added 2024/07/29 4:15 p.m. · 3 views

DEBIAN-CVE-2024-42083

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp doesn't handle multi-buffer packets properly for XDP_TX and XDP_REDIRECT. When a jumbo frame is received, the ionic_run_xdp first makes xdp frame with al...

CVSS 5.5 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 1
OSV
added 2024/07/29 4:15 p.m. · 1 views

UBUNTU-CVE-2024-42083

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp doesn't handle multi-buffer packets properly for XDP_TX and XDP_REDIRECT. When a jumbo frame is received, the ionic_run_xdp first makes xdp frame with al...

CVSS 5.5 · AI score 6.6 · EPSS 0.0021
Exploits 0 · References 5
OSV
added 2024/07/29 7:15 a.m. · 1 views

UBUNTU-CVE-2024-41091

In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one path, which could cause a corrupted skb to be sent downstack. Even before the skb is...

CVSS 7.1 · AI score 6.5 · EPSS 0.00256
Exploits 0 · References 32
Debian CVE
added 2024/07/29 6:18 a.m. · 16 views

CVE-2024-41090

In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp path, which could cause a corrupted skb to be sent downstack. Even before the skb is...

CVSS 7.1 · AI score 6 · EPSS 0.00256
Exploits 0
SUSE CVE
added 2024/07/26 3:11 a.m. · 1 views

SUSE CVE-2024-41091

In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one path, which could cause a corrupted skb to be sent downstack. Even before the skb is...

CVSS 6.5 · AI score 6.3 · EPSS 0.00256
Exploits 0 · References 17
Microsoft CVE
added 2024/07/25 6:30 p.m. · 25 views

Chromium: CVE-2024-6996 Race in Frames

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 3.1 · AI score 5.8 · EPSS 0.00365
Exploits 0