Unspecified Vulnerability in Google Chrome (CNVD-2024-44479)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome prior to version 130.0.6723.58, which stems from an improper implementation of PictureInPicture, and can be exploited by remote attackers to perform UI spoofing via a crafted HTML pag...
KLA74117 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Parce...
PT-2025-32251
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 139.0.7258.66 Description An inappropriate implementation in permissions within Google Chrome allows a remote attacker to perform UI spoofing through a specially crafted HTML page. The security severity is rated...
Google Chrome Security Update (stable-channel-update-for-desktop_15-2024-10) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2024-9956
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-9964
CVE-2024-9964 : In Google Chrome/Chromium, an inappropriate implementation in Payments allows a remote attacker to trigger UI spoofing by tricking a user into certain UI gestures via a crafted Chrome Extension. Public details across connected documents confirm UI-spoofing impact for Chrome/Chromi...
CVE-2024-9966
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2024-9962
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-9958
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-48948
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...
[SECURITY] Fedora 41 Update: rust-tonic-build-0.12.3-1.fc41
Codegen module of tonic gRPC implementation...
Google Chrome < 130.0.6723.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_10_stable-channel-update-for-desktop_15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...
Google Chrome < 130.0.6723.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_10_stable-channel-update-for-desktop_15 advisory. - Insufficient data validation in DevTools in Google Chrome on Windows prior t...
Google Chrome < 130.0.6723.59 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.59. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_10_stable-channel-update-for-desktop_15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...
CVE-2024-48948
The CVE-2024-48948 entry is linked to the Elliptic package for Node.js (v6.5.7). It describes a cryptographic signature verification issue in ECDSA caused by a _truncateToN anomaly: if the hash has at least four leading zero bytes and the base point order is smaller than the hash, valid signature...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...
Amazon Linux 2023 : libgcrypt, libgcrypt-devel (ALAS2023-2024-736)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-736 advisory. A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA...
GHSA-J2HR-Q93X-GXVH SSOReady has an XML Signature Bypass via differential XML parsing
Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out a signature bypass if they have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...