Lucene search
9147 matches found

UbuntuCve
added 2023/07/29 12:15 a.m. | 41 views

CVE-2022-4910

Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 | AI score 6.1 | EPSS 0.00373
Exploits: 1 | References: 3

CVE
added 2023/07/28 11:26 p.m. | 101 views

CVE-2023-2313

CVE-2023-2313 concerns Google Chrome on Windows with an insecure Sandbox implementation in the Chromium-based renderer before version 112.0.5615.49. The vulnerability allows a remote attacker who has already compromised the renderer process to perform arbitrary read/write via a malicious file, in...

CVSS 8.8 | AI score 8.1 | EPSS 0.0053
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2023/07/28 11:26 p.m. | 30 views

CVE-2022-4922

Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 7 | EPSS 0.00467
Exploits: 1 | References: 3

CVE
added 2023/07/28 11:26 p.m. | 82 views

CVE-2022-4923

CVE-2022-4923 describes an Inappropriate implementation in Omnibox of Google Chrome before 99.0.4844.51, enabling a privileged network-position attacker to perform a man-in-the-middle via malicious traffic. Affected component: Omnibox within Chrome/Chromium; underlying cause cited as improper Omn...

CVSS 3.1 | AI score 5.2 | EPSS 0.00238
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2023/07/28 11:26 p.m. | 115 views

CVE-2022-4915

CVE-2022-4915 is a Chrome/Chromium URL formatting vulnerability: an improper URL handling in Chrome prior to 103.0.5060.134 allowed a remote attacker to spoof domains via a crafted HTML page. Documents consistently reference Google Chrome/Chromium and a domain-spoofing impact; desktop Chrome vers...

CVSS 6.5 | AI score 6.4 | EPSS 0.0048
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2023/07/28 11:26 p.m. | 29 views

CVE-2022-4913

Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. Chromium security severity: High...

CVSS 6.5 | AI score 5.7 | EPSS 0.0048
Exploits: 1

Debian CVE
added 2023/07/28 11:26 p.m. | 33 views

CVE-2022-4910

Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 | AI score 4.6 | EPSS 0.00373
Exploits: 1

CVE
added 2023/07/28 11:26 p.m. | 98 views

CVE-2022-4906

CVE-2022-4906 concerns Blink/Chromium in Google Chrome prior to 108.0.5359.71. The vulnerability arises from an inappropriate implementation in Blink that permits a remote attacker to perform arbitrary read/write via a crafted HTML page, with high impact (C/H, I/H, A/H) and network attack vector....

CVSS 8.8 | AI score 7.9 | EPSS 0.12957
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2023/07/28 11:26 p.m. | 40 views

CVE-2022-4906

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 8.1 | EPSS 0.12957
Exploits: 1

OSV
added 2023/07/28 12:18 p.m. | 8 views

SUSE-SU-2023:3013-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries bsc1213383. - CVE-2023-3446: Fixed DHcheck excessive time with over sized modulus bsc1213487...

CVSS 5.3 | AI score 5.8 | EPSS 0.05533
Exploits: 0 | References: 5

OSV
added 2023/07/28 12:17 p.m. | 9 views

SUSE-SU-2023:3011-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries bsc1213383. - CVE-2023-3446: Fixed DHcheck excessive time with over sized modulus bsc1213487...

CVSS 5.3 | AI score 5.8 | EPSS 0.05533
Exploits: 0 | References: 5

Oracle linux
added 2023/07/28 12:0 a.m. | 109 views

java-17-openjdk security and bug fix update

1:17.0.8.0.7-2.0.1 - OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 - OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 - OpenJDK: improper handling of slash characters in URI-to-path conversion 8305312 CVE-2023-22049 - harfbuzz: OpenJDK: On^2 growth via consecutive...

CVSS 7.5 | AI score 7.6 | EPSS 0.01812
Exploits: 0

Code423n4
added 2023/07/28 12:0 a.m. | 11 views

Incorrect implementation of binary search in _find() in History.sol can make BaseVotingVault.sol break and cannot return correct staleIndex

Lines of code Vulnerability details Impact The binary search implemented in find in History.sol is incorrect and in some cases cannot return a correct stale index, and as a result some functions in baseVotingVault.sol can not work properly like queryVotePower. Although History.sol is not in scope...

AI score 6.8
Exploits: 0

Vulnrichment
added 2023/07/27 2:36 p.m. | 13 views

CVE-2023-38489 Kirby vulnerable to Insufficient Session Expiration after a password change

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be abused if a Kirby user is logged in on a device or browser th...

CVSS 7.3 | AI score 6.9 | EPSS 0.0072
Exploits: 0 | References: 7

Ubuntu
added 2023/07/27 12:26 p.m. | 73 views

USN-6256-1: Linux kernel (IoT) vulnerabilities

Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). CVE-2022-3108...

CVSS 7.8 | AI score 7.3 | EPSS 0.16642
Exploits: 13 | References: 2

OSV
added 2023/07/27 12:26 p.m. | 16 views

USN-6256-1 linux-iot vulnerabilities

Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). CVE-2022-3108...

CVSS 7.8 | AI score 7.2 | EPSS 0.16642
Exploits: 13 | References: 35

Tenable Nessus
added 2023/07/27 12:0 a.m. | 28 views

Debian DSA-5459-1 : amd64-microcode - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5459 advisory. Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in Zen 2 CPUs may not be written to 0 correctly. This flaw...

CVSS 5.5 | AI score 7.1 | EPSS 0.05794
Exploits: 2 | References: 9

Cvelist
added 2023/07/26 1:54 p.m. | 26 views

CVE-2023-39152

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances...

AI score 6.8 | EPSS 0.00637
Exploits: 0 | References: 2

OSV
added 2023/07/25 8:28 a.m. | 16 views

LSN-0096-1 Kernel Live Patch Security Notice

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that, when inserted, could cause a denial of service (system crash) ...

CVSS 7.8 | AI score 7.8 | EPSS 0.16642
Exploits: 2 | References: 6

NVD
added 2023/07/24 4:15 p.m. | 19 views

CVE-2023-1386

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

CVSS 7.8 | AI score 5.3 | EPSS 0.00223
Exploits: 0 | References: 5