Lucene search
K

9179 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/15 12:0 a.m.31 views

Fedora 38 : chromium (2023-f07892dd59)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f07892dd59 advisory. update to 112.0.5615.49. Fixes the following security issues: CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533...

9.8CVSS7.1AI score0.02925EPSS
Exploits0References22
Github Security Blog
Github Security Blog
added 2023/04/14 4:14 p.m.24 views

matrix-js-sdk vulnerable to invisible eavesdropping in group calls

Impact An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possibl...

5.3CVSS5.4AI score0.00543EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/04/14 1:51 a.m.2 views

SUSE CVE-2023-26555

praecisparse in ntpd/refclockpalisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

5.5CVSS7.9AI score0.00521EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.4 views

Cesanta MJS 安全漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS version v2.20.0, which stems from...

5.5CVSS5.7AI score0.00276EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/04/14 12:0 a.m.14 views

Resizing tokenIds is wrong in CollectionBatchBuyOperator.execute()

Lines of code Vulnerability details Impact The implementation of resizing an array is wrong in assembly, so the length of the array tokenIds will be wrong. Proof of Concept In CollectionBatchBuyOperator.execute, tokenIds should be resized to tokensBought, and the implementation is as follows:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/14 12:0 a.m.13 views

An attacker can contribute to the ETH crowdfund using a flash loan and control the party as he likes.

Lines of code Vulnerability details Impact An attacker can have more than half of the total voting power using a flash loan and abuse other contributors. Proof of Concept The main flaw is that the party can distribute funds right after the crowdfund is finalized within the same block. So the...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.45 views

Debian DSA-5386-1 : chromium - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5386 advisory. - Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploi...

8.8CVSS8AI score0.01077EPSS
Exploits0References31
OpenVAS
OpenVAS
added 2023/04/13 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-6014-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01762EPSS
Exploits18References2
Ubuntu
Ubuntu
added 2023/04/12 2:41 p.m.88 views

USN-6013-1: Linux kernel (AWS) vulnerabilities

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service connection termination or inject forged data. CVE-2020-36516 Ke Sun, Alyssa Milburn,...

7.8CVSS7.2AI score0.01762EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2023/04/12 12:0 a.m.35 views

Fedora 36 : chromium (2023-78e350cb88)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-78e350cb88 advisory. update to 112.0.5615.49. Fixes the following security issues: CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533...

9.8CVSS7.6AI score0.02925EPSS
Exploits0References22
OSV
OSV
added 2023/04/11 10:55 p.m.10 views

USN-6009-1 linux-gcp vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7AI score0.03702EPSS
Exploits5References12
ALT Linux
ALT Linux
added 2023/04/11 12:0 a.m.64 views

Security fix for the ALT Linux 10 package yandex-browser-stable version 23.3.1.916-alt1

April 11, 2023 Yandex Browser Team 23.3.1.916-alt1 - Browser updated to 23.3.1 + Critical CVE-2023-0941: Use after free in Prompts. + High CVE-2023-0927: Use after free in Web Payments API. + High CVE-2023-0928: Use after free in SwiftShader. + High CVE-2023-0929: Use after free in Vulkan. + High...

7.8AI score0.00883EPSS
Exploits0
CNVD
CNVD
added 2023/04/07 12:0 a.m.21 views

Google Chrome WebShare Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome WebShare that originates from improper implementation in WebShare. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS6.5AI score0.00847EPSS
Exploits0References1
CNVD
CNVD
added 2023/04/07 12:0 a.m.21 views

Google Chrome FedCM Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome FedCM, which stems from an improper implementation in FedCM. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS6.6AI score0.00889EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2023/04/06 7:0 a.m.27 views

Chromium: CVE-2023-1813 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS7.2AI score0.00712EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.115 views

Amazon Linux 2 : containerd (ALASDOCKER-2023-023)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-023 advisory. containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user c...

7.8CVSS7.2AI score0.01022EPSS
Exploits1References8
Kaspersky
Kaspersky
added 2023/04/06 12:0 a.m.43 views

KLA48814 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in Navigation can be...

8.8CVSS8.6AI score0.01077EPSS
Exploits0References18
OSV
OSV
added 2023/04/05 2:1 p.m.16 views

OSV-2023-281 Heap-buffer-overflow in unsigned long simdutf::haswell::convert_masked_utf8_to_utf16<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57673 Crash type: Heap-buffer-overflow WRITE 16 Crash state: unsigned long simdutf::haswell::convertmaskedutf8toutf16 simdutf::haswell::implementation::convertutf8toutf16le roundtrip.cc...

7.2AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/04/04 10:15 p.m.26 views

CVE-2023-1813

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.7AI score0.00712EPSS
Exploits0References4
Prion
Prion
added 2023/04/04 10:15 p.m.21 views

Design/Logic Flaw

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.4AI score0.00712EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder