9179 matches found
CVE-2023-2467
Google Chrome on Android prior to 113.0.5672.63 is affected by CVE-2023-2467 due to an inappropriate implementation in Prompts, which could allow a remote attacker to bypass permissions restrictions via a crafted HTML page. The impact is a permissions bypass without other code execution details p...
CVE-2023-2466
CVE-2023-2466 describes an Inappropriate implementation in Prompts in Google Chrome (Chromium) prior to 113.0.5672.63 that allows a remote attacker to spoof the contents of the security UI via a crafted HTML page. Connected sources confirm Chromium/Chrome prompt-related weaknesses with this CVE a...
CVE-2023-2466
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Chromium security severity: Low...
CVE-2023-2463
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-2464
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-2462
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-2462
The connected documents confirm CVE-2023-2462 affects Google Chrome/Chromium, tied to an inappropriate implementation in Prompts that allowed a remote attacker to obfuscate main origin data via a crafted HTML page. Impact is described as Medium; affected components relate to Chrome/Chromium promp...
CVE-2023-2459
CVE-2023-2459 affects Chromium-based browsers (Google Chrome/Chromium). The vulnerability is an inappropriate implementation in Prompts that allows a remote attacker to bypass permission restrictions through a crafted HTML page. Severity is described as Medium. Technical details across connected ...
CVE-2023-2459
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Chromium security severity: Medium...
[SECURITY] [DLA 3408-1] jruby security update
Debian LTS Advisory DLA-3408-1 https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS ...
[SECURITY] Fedora 38 Update: php-laminas-diactoros2-2.25.2-1.fc38
A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces [1], as well as a "server" implementation similar to node's http.Server [2]. Documentation: https://docs.laminas.dev/laminas-diactoros/ Autoloader: /usr/share/php/Laminas/Diactoros2/autoload.php [1]...
Incorrect implementation of RecordParser.readKeyValue()
Vulnerability details. Impact: RecordParser.readKeyValue returns a wrong value if the terminator is not found. This is a fundamental library and any contract using it may experience unexpected errors and problems due to this bug. Proof of Concept: The implementation logic of...
Incorrect implementation of RRUtils.serialNumberGte
Vulnerability details. Impact: Comparing serial numbers should follow RFC1982 due to the possibility of numbers wrapping around. RRUtils.serialNumberGte tried to follow the RFC but failed to do so, leading to incorrect results in comparison. Proof of Concept: For a serial number i1 to ...
.NET 7.0 bugfix update
An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
.NET 6.0 bug fix update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
USN-6040-1 linux-hwe-5.15 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the OverlayFS...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...