9137 matches found

Debian CVE
added 2024/06/11 8:58 p.m. | 20 views

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

CVSS 8.8 | AI score 7.7 | EPSS 0.00491
Exploits: 1
Vulnrichment
added 2024/06/11 8:58 p.m. | 22 views

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

AI score 7.2 | EPSS 0.00568
Exploits: 0 | References: 4
Debian CVE
added 2024/06/11 8:58 p.m. | 16 views

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.7 | EPSS 0.00568
Exploits: 0
Ubuntu
added 2024/06/11 5:45 p.m. | 90 views

USN-6828-1: Linux kernel (Intel IoTG) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was...

CVSS 9.1 | AI score 7.7 | EPSS 0.78388
Exploits: 2
ICS
added 2024/06/11 6:00 a.m. | 37 views

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

1. EXECUTIVE SUMMARY: CVSS v4 8.3; ATTENTION: Low attack complexity; Vendor: Rockwell Automation; Equipment: ControlLogix, GuardLogix, CompactLogix; Vulnerability: Always-Incorrect Control Flow Implementation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could...

CVSS 8.3 | AI score 6.4 | EPSS 0.00311
Exploits: 0 | References: 10
FreeBSD
added 2024/06/11 12:00 a.m. | 31 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 21 security fixes: 342456991 High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 339171223 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07 340196361 High CVE-2024-5832: U...

CVSS 8.8 | AI score 8.4 | EPSS 0.00924
Exploits: 1 | References: 1
Google Chrome Security Advisories
added 2024/06/11 12:00 a.m. | 47 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 126 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 126.0.6478.54 (Linux) 126.0.6478.56/57 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is...

CVSS 8.8 | AI score 9.1 | EPSS 0.00924
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2024/06/11 12:00 a.m. | 39 views

Google Chrome < 126.0.6478.56 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.56. It is, therefore, affected by multiple vulnerabilities as referenced in the 202406stable-channel-update-for-desktop advisory. - Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a...

CVSS 8.8 | AI score 8.2 | EPSS 0.00924
Exploits: 1 | References: 37
Tenable Nessus
added 2024/06/11 12:00 a.m. | 17 views

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to relo...

CVSS 8.6 | AI score 7.3 | EPSS 0.00919
Exploits: 0 | References: 4
Tenable Nessus
added 2024/06/11 12:00 a.m. | 19 views

Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to relo...

CVSS 8.6 | AI score 7.3 | EPSS 0.00919
Exploits: 0 | References: 4
Cvelist
added 2024/06/10 12:47 p.m. | 34 views

CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...

CVSS 5.9 | EPSS 0.00515
Exploits: 0 | References: 4
OSV
added 2024/06/10 2:15 a.m. | 15 views

CVE-2024-37880

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 5
NVD
added 2024/06/10 2:15 a.m. | 18 views

CVE-2024-37880

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...

CVSS 7.5 | EPSS 0.00696
Exploits: 1 | References: 5
Vulnrichment
added 2024/06/10 12:00 a.m. | 16 views

CVE-2024-37880

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...

AI score 6.8 | EPSS 0.00696
Exploits: 1 | References: 5
CVE
added 2024/06/10 12:00 a.m. | 36 views

CVE-2024-37880

The CVE affects the Kyber reference implementation prior to 9b8d306. The vulnerability is a timing side channel where poly_frommsg in poly.c can yield a vulnerable secret-dependent branch when compiled with LLVM Clang (through 18.x) with common optimizations, enabling attackers to recover an ML-K...

CVSS 7.5 | AI score 6.4 | EPSS 0.00696
Exploits: 1 | References: 5 | Affected Software: 1
UbuntuCve
added 2024/06/07 8:15 p.m. | 21 views

CVE-2024-1694

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: High...

CVSS 7.8 | AI score 5.9 | EPSS 0.0015
Exploits: 1 | References: 2
CVE
added 2024/06/07 8:06 p.m. | 86 views

CVE-2024-1694

CVE-2024-1694 affects Google Updator prior to 1.3.36.351 used by Google Chrome. The underlying issue is an improper access control implementation that allows a local attacker to bypass discretionary access control via a malicious file. Affected component is the Google Updator (in Chrome); impact ...

CVSS 7.8 | AI score 5.7 | EPSS 0.0015
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/06/07 3:15 p.m. | 39 views

CVE-2024-36792

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 allows attackers to gain access to the router's pin...

CVSS 8.2 | EPSS 0.00287
Exploits: 1 | References: 1
Cvelist
added 2024/06/07 2:14 p.m. | 33 views

CVE-2024-36792

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 allows attackers to gain access to the router's pin...

EPSS 0.00287
Exploits: 1 | References: 1
OSV
added 2024/06/07 7:19 a.m. | 14 views

BIT-GOLANG-2024-24789 Mishandling of corrupt central directory record in archive/zip

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 5.5 | AI score 6.1 | EPSS 0.00443
Exploits: 0 | References: 8