CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...
CVE-2024-29018
CVE-2024-29018 affects the Moby-based docker/libnetwork networking stack, where internal networks can forward DNS requests to an external nameserver due to how host loopback DNS resolution is bridged for internal networks. The issue enables an attacker controlling an authoritative DNS domain to c...
CVE-2024-2630
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-2631
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Monero: [Monero wallet RPC] File precreation to file ownership and credentials leak
The Monero wallet RPC was found to have a vulnerability in the file creation process that could lead to potential credential leakage. The issue was located in the wallet_rpc_server::init method, where a file was created without using the O_EXCL flag, allowing an attacker to pre-create the file and...
USN-6686-4 linux-kvm vulnerabilities
It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) It was discovered that a race...
CVE-2024-2628
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Chromium security severity: Medium...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 327740539 High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2024-03-01 40945098 Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim@cassidy6564 ...
Google Chrome < 123.0.6312.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 123.0.6312.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202403stable-channel-update-for-desktop19 advisory. - Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a...
OPENSUSE-SU-2024:0084-1 Security update for chromium
This update for chromium fixes the following issue: Chromium 122.0.6261.128 (boo#1221335) CVE-2024-2400: Use after free in Performance Manager Chromium 122.0.6261.111 (boo#1220131, boo#1220604, boo#1221105) New upstream security release. CVE-2024-2173: Out of bounds memory access in V8. CVE-2024-2174:...
USN-6696-1: OpenJDK 8 vulnerabilities
Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot...
Cisco Products Affected by Broadcom MediaxChange Buffer Overflow (CVE-2021-33478)
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and...
[SECURITY] [DLA 3763-1] curl security update
Debian LTS Advisory DLA-3763-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès March 17, 2024 https://wiki.debian.org/LTS ...
Debian dla-3763 : curl - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3763 advisory. Debian LTS Advisory DLA-3763-1 [email protected] https://www.debian.org/lts/security/...
TurboBoost Commands vulnerable to arbitrary method invocation
Impact: TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...
HALO 2.13.1 CORS Issue
Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted Author: nu11secur1ty Date: 03/15/2024 Vendor: https://www.halo.run/ Software: https://github.com/halo-dev/halo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
Moderate: Red Hat Security Advisory: .NET 8.0 security update
An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17...