CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

CVE-2024-1674

CVE-2024-1674 is a Chrome/Chromium vulnerability: an inappropriate Navigation implementation allowed remote bypass of navigation restrictions via a crafted HTML page. Affected product is Google Chrome (Chromium core); vulnerable builds prior to 122.0.6261.57. Impact described as navigation bypass...

CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

Google Chrome Security Update (stable-channel-update-for-desktop_20-2024-02) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities

Summary Ansible-operator and opm is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-23471 DESCRIPTION: containerd is...

Observable Discrepancy

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...

Open Redirect

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect via the redirect, FORWARDURL, noSuchEntryRedirect, and other parameters that rely on the HtmlUtil.escapeRedirect process. An attacker can redirect...

Open Redirect

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect via the redirect parameter, FORWARDURL parameter, and other parameters that rely on the HtmlUtil.escapeRedirect. An attacker can cause users to be...

CVE-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability previously existed in Google Chrome version 122.0.6261.57, which stemmed from a mal-implementation issue in the Navigation module. An attacker could exploit this vulnerability to bypass security...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is due to an improper implementation in site isolation. An attacker can exploit this vulnerability to bypass security restrictions...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 41495060 High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 41481374 High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim@cassidy6564 on 2023-12-06 41487933 Medium...

Google Chrome < 122.0.6261.57 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 122.0.6261.57. It is, therefore, affected by multiple vulnerabilities as referenced in the 202402stable-channel-update-for-desktop20 advisory. - Insufficient policy enforcement in Download in Google Chrome prior to...

GLSA-202402-23 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-23 Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a...

CVE-2024-26327

An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations...

Amazon Linux 2 : ipa (ALAS-2024-2457)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2457 advisory. A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform...

GLSA-202402-14 : QtWebEngine: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-14 QtWebEngine: Multiple Vulnerabilities - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium...