Lucene search
K

9179 matches found

Cvelist
Cvelist
added 2023/04/04 9:39 p.m.23 views

CVE-2023-1823

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

6.7AI score0.00889EPSS
Exploits0References6
CVE
CVE
added 2023/04/04 9:39 p.m.144 views

CVE-2023-1823

CVE-2023-1823 concerns Google Chrome's FedCM: an improper FedCM implementation allows a remote attacker to bypass navigation restrictions via a crafted HTML page. Affected product/component: Chrome/Chromium FedCM integration. Root cause: Inappropriate implementation in FedCM. Impact: navigation r...

6.5CVSS6.3AI score0.00889EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2023/04/04 4:46 a.m.22 views

CVE-2022-25745 Always Incorrect Control Flow Implementation in MODEM

Memory corruption in modem due to improper input validation while handling the incoming CoAP message...

9.8CVSS9.8AI score0.00417EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.38 views

Google Chrome < 112.0.5615.49 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 112.0.5615.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 202304stable-channel-update-for-desktop advisory. - Heap buffer overflow in Browser History in Google Chrome prior to...

8.8CVSS8AI score0.01077EPSS
Exploits0References29
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2023/04/04 12:0 a.m.319 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 112 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 112.0.5615.49 Linux and Mac, 112.0.5615.49/50 Windows contains a number of fixes and improvements -- a list of changes is...

8.8CVSS9.2AI score0.01077EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.152 views

Google Chrome < 112.0.5615.49 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 112.0.5615.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 202304stable-channel-update-for-desktop advisory. - Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.4...

8.8CVSS7.9AI score0.01077EPSS
Exploits0References29
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.6 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome FedCM, which stems from an improper implementation in FedCM. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS8.6AI score0.00889EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.4 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome WebShare that originates from improper implementation in WebShare. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS8.6AI score0.00847EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2023/04/03 11:20 a.m.41 views

"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?

Privileged Access Management PAM solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the hars...

7.1AI score
Exploits0
OSV
OSV
added 2023/03/31 12:58 p.m.15 views

USN-5991-1 linux-gcp-4.15 vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7AI score0.03702EPSS
Exploits5References12
NVD
NVD
added 2023/03/30 7:15 p.m.20 views

CVE-2023-28644

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is...

7.5CVSS6.3AI score0.00624EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/03/30 9:22 a.m.47 views

CVE-2023-26545

A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code...

4.7CVSS6.6AI score0.00331EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.10 views

WstEth.withdraw() improper implementation of slippage check

Lines of code Vulnerability details Impact In the current implementation of withdraw, the amount is not controlled by minOut. Impact: Users can get rekt. Proof of Concept function withdrawuint256 amount external onlyOwner IWStETHWSTETH.unwrapamount; uint256 stEthBal =...

6.8AI score
Exploits0
AlpineLinux
AlpineLinux
added 2023/03/30 12:0 a.m.73 views

CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

8.8CVSS9.2AI score0.02195EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/03/29 12:0 a.m.38 views

SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2023:1628-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1628-1 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust...

6.5CVSS7.3AI score0.01022EPSS
Exploits0References4
Prion
Prion
added 2023/03/28 3:15 p.m.46 views

Design/Logic Flaw

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

5CVSS6.2AI score0.01629EPSS
Exploits0References10Affected Software1
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2023-0016)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.8AI score0.007EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/03/27 10:17 p.m.9 views

io.apiman:apiman-distro-db (>=1.1.2.Final <=1.2.6.Beta3), io.apiman:apiman-distro-db-es (>=1.1.2.Final <=1.2.6.Beta3) +23 more potentially affected by CVE-2023-28640 via io.apiman:apiman-manager-api-rest-impl (>=1.1.2.Final <=3.0.0.RC6)

io.apiman:apiman-manager-api-rest-impl MAVEN version =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.6.Final, =1.2.2.Final, =1.2.2.Final, =1.2.2.Final, =1.1.2.Final, =1.2.1.Final, =1.1.5.Final, =1.1.2.Final, =1.2.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.2.0.Final and mor...

6.4CVSS6AI score0.0034EPSS
Exploits0
Cvelist
Cvelist
added 2023/03/27 9:23 p.m.33 views

CVE-2023-28102 Command injection in discordrb

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

8.3CVSS9.9AI score0.02546EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/27 8:43 p.m.7 views

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

7CVSS7AI score0.00549EPSS
Exploits0References2
Rows per page
Query Builder