212 matches found
CVE-2024-5684
An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...
Authentication Bypass
friendsofsymfony/user-bundle is vulnerable to Authentication Bypass. The vulnerability is due to an insecure user refresh implementation due to using the primary key instead of the username, which can result in authentication bypass if users are allowed to change usernames...
CVE-2024-4950
CVE-2024-4950 pertains to Chromium/Google Chrome prior to 125.0.6422.60, where an inappropriate implementation in Downloads could let a remote attacker lure a user into specific UI gestures to spoof UI via a crafted HTML page. Affected products are Chrome/Chromium browsers; the underlying issue i...
CVE-2024-3845
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...
CVE-2024-3838
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...
CVE-2024-3156
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2024-3156
CVE-2024-3156 affects Chromium/Google Chrome via an inappropriate implementation in V8, allowing remote memory-out-of-bounds access through a crafted HTML page on versions prior to 123.0.6312.105. Debian security advisory confirms the fix is in chromium 123.0.6312.105-1~deb12u1 for stable (bookwo...
CVE-2024-2630
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-2631
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2024-1672
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-1676
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...
CVE-2024-1676
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...
CVE-2024-0809
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...
PKCE Downgrade Attack
yiisoft/yii2-authclient is vulnerable to PKCE Downgrade Attack. The vulnerability is caused due to an insecure implementation of PKCE. The application doesn't use authCodeVerifier securely. An attacker can gain unauthorized access to protected resources by exploiting this vulnerability...
CVE-2023-6511
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...
Return values of approve() not checked
Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...
CVE-2023-5480
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...
CVE-2023-5858
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...
CVE-2023-21366
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-18141 · Scudo · Scudo
Name of the Vulnerable Software and Affected Versions: Scudo affected versions not specified Description: The issue is related to an insecure implementation or design in Scudo, allowing an attacker to predict heap allocation patterns. This could lead to local information disclosure without...