A Comprehensive Assessment of the General Personal Data Protection Law (LGPD)

Most nations need to protect sensitive data for any number of reasons. Assuring legal compliance, protecting national security, preventing abuse and prejudice, improving global competitiveness, and upholding ethical standards are all vital requirements. Data privacy enhances the safety, security,...

UI Spoofing

Google Chrome is vulnerable to security UI spoofing. The vulnerability is due to inappropriate implementation in Navigation...

Bypassing Content Security Policy

Google Chrome is vulnerable to bypassing Content Security Policy. The vulnerability is due to inappropriate implementation in Content Security Policy...

NLnet Labs Routinator Security Breach

NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure authenticator written in Rust by the NLnet Labs team in the Netherlands. A security vulnerability exists in NLnet Labs Routinator version 0.13.1 and prior versions, which stems from the termination of Routinator when an incoming...

Ubuntu: Security Advisory (USN-6652-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 38 : chromium (2024-6a879cfa63)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6a879cfa63 advisory. Update to 122.0.6261.57 High CVE-2024-1669: Out of bounds memory access in Blink High CVE-2024-1670: Use after free in Mojo Medium CVE-2024-1671:...

CVE-2024-26600 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement sendsrp, we may still attempt to call it. This can happen on an idle Ethernet gadget triggeri...

USN-6652-1: Linux kernel (Azure) vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

Chromium: CVE-2024-1676 Inappropriate implementation in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-1674 Inappropriate implementation in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Debian dsa-5629 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5629 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5629-1...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2024-25124 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

Design/Logic Flaw

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

Information disclosure

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...