CVE-2023-4363
CVE-2023-4363: Inappropriate implementation in WebShare in Google Chrome (Android) prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Connected advisories confirm this CVE is tracked with Chromium updates; fixes are part of Chrome/Chromi...
CVE-2023-4361
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4363
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4360
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4350
CVE-2023-4350 is an issue in Chromium-based Chrome on Android involving an inappropriate implementation in Fullscreen that could allow a remote attacker to spoof the Omnibox (URL bar) via a crafted HTML page. The vulnerability originates from the Fullscreen implementation and affects Android buil...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 26 security fixes: 1448548 High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24 1458303 High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang @Krace of VRI on 2023-06-27 1454817 Hi...
Google Chrome < 116.0.5845.96 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 116.0.5845.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop15 advisory. - Insufficient policy enforcement in Extensions API in Google Chrome prior to...
Google Chrome < 116.0.5845.96 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 116.0.5845.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop15 advisory. - Insufficient policy enforcement in Extensions API in Google Chrome prior t...
Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2023-17752 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided in the input descriptions. Description: In the processMessageImpl function of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the...
[SECURITY] Fedora 38 Update: ntpsec-1.2.2a-1.fc38
NTPsec is a more secure and improved implementation of the Network Time Protocol derived from the original NTP project...
CVE-2023-39945
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0,...
Heap overflow
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-39949 Improper validation of sequence numbers leading to remotely reachable assertion failure
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...
CVE-2023-39946
Summary: CVE-2023-39946 affects eProsima Fast DDS. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, a heap overflow can be triggered by a PID_PROPERTY_LIST containing a crafted CDR string. In ParameterPropertyList_t::push_back_helper, the second memcpy can copy user-controlled data from the CD...
CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of...
GaugeController._get_sum() returns wrong value, breaking vote accounting
Lines of code Vulnerability details Impact The function to account for past historic total gauge weights getsum is supposed to return the sum for the future week. Instead it returns the sum for the oldest updated week. The returned value is used in voteforgaugeweights to compute the sum after the...
`GaugeController` allows for quick vote and withdraw
Lines of code Vulnerability details This issue was identified in the original Curve Finance audit, finding ID TOB-CURVE-DAO-004. It remains unresolved in the mkt.market implementation, but was fixed in the Curve implementation. Impact A malicious voter is able to use full voting power for multipl...
Contrary to sponsor's intent, the gauge's weight will not be updated properly if governance does not change weight before any voting
Lines of code Vulnerability details Impact This is the intended procedure based on Sponsor's answer in discord: Q: when we add new gauge we don't set any weight point or any data for it, did the new gauge will get the weight and power by time when users vote for it ?! A: Yes, the idea is that the...