9185 matches found
CVE-2023-1231
Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. Chromium security severity: Medium...
Design/Logic Flaw
Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. Chromium security severity: Medium...
Information disclosure
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. Chromium security severity: Low...
CVE-2023-1229
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
Design/Logic Flaw
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-1230
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-1234
Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2023-1234
Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2023-1236
CVE-2023-1236 affects Google Chrome (Chromium-based) prior to 111.0.5563.64 via an inappropriate implementation in Internals that allowed remote spoofing of an iframe origin through a crafted HTML page. The issue is logged as a Low severity in Chromium terms (CVSS 3.1 base 4.3, MEDIUM overall). R...
CVE-2023-1236
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. Chromium security severity: Low...
CVE-2023-1231
Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-1230
CVE-2023-1230 concerns an Inappropriate implementation in WebApp Installs in Google Chrome on Android before version 111.0.5563.64. The issue allows an attacker who persuades a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Affected product ...
CVE-2023-1230
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-1231
Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-1229
The CVE-2023-1229 entry concerns Google Chrome (Chromium-based) prior to version 111.0.5563.64. Affected component: Permission prompts implementation. Root cause: Inappropriate implementation in Permission prompts allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2023-1229
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
USN-5935-1: Linux kernel vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
USN-5934-1: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution
An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...
LSN-0092-1: Kernel Live Patch Security Notice
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code.CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...