CVE-2024-11919

CVE-2024-11919 concerns Google Chrome for Android, where an inappropriate implementation in Intents could let a remote attacker perform UI spoofing via a crafted HTML page. The issue affects Chrome on Android prior to version 129.0.6668.58 . The connected Red Hat/Ubuntu/Debian and other CVE feeds...

CVE-2024-11919

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-13983

CVE-2024-13983 concerns Google Chrome’s Lens feature on iOS before 136.0.7103.59, where an imperfect validation of QR codes allows a remote attacker to perform a UI masquerade via a crafted QR. The underlying issue is in Lens’ handling of QR input, enabling an interface spoofing attack. Affected ...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 130.0.6723.92, which stems from an improper implementation of Dawn and could lead to out-of-bounds memory access...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 129.0.6668.58, which stems from an improper implementation of Intents and could lead to UI spoofing...

Chromium: CVE-2025-13042 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA90263 DoS vulnerability in Microsoft Browser

Inappropriate implementation vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2025-13042 Related products Microsoft-Edge CVE list CVE-2025-13042 critical Solution Install necessary updates from the...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

DEBIAN-CVE-2025-40206

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftobjref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...

CVE-2025-64170

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...

CVE-2025-64170 sudo-rs: Partial password reveal is possible after timeout

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...

Linux Distros Unpatched Vulnerability : CVE-2025-40139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF...

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the AuthN implementation. An attacker can gain unauthorized access to sensitive information, escalate privileges, and tamper with data by leveraging hard-coded credentials. Remediation Upgrade...

Fedora 42 : cef (2025-313f6d7702)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-313f6d7702 advisory. Update to 141.0.7390.122 High CVE-2025-12036 chromium: Inappropriate implementation in V8 High CVE-2025-11756: Use after free in Safe Browsing High...

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 457351015 High CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-11-03...

CVE-2025-12729

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-12728

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-12726

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

CVE-2025-12727

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...