CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0814
https://notcve.org/view.php?id=CVE-2024-0814
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) La interfaz de usuario de seguridad incorrecta en Payments en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto falsificar potencialmente la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1463935 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC • CWE-346: Origin Validation Error •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0808
https://notcve.org/view.php?id=CVE-2024-0808
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) El desbordamiento de enteros en WebUI en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1504936 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0812
https://notcve.org/view.php?id=CVE-2024-0812
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) La implementación inadecuada de Accessibility en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción de objetos a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1484394 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0807
https://notcve.org/view.php?id=CVE-2024-0807
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Web Audio en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1505080 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39197 – Kernel: dccp: conntrack out-of-bounds read in nf_conntrack_dccp_packet()
https://notcve.org/view.php?id=CVE-2023-39197
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. Se encontró una vulnerabilidad de lectura fuera de los límites en Netfilter Connection Tracking (conntrack) en el kernel de Linux. Esta falla permite que un usuario remoto revele información confidencial a través del protocolo DCCP. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-39197 https://bugzilla.redhat.com/show_bug.cgi?id=2218342 • CWE-125: Out-of-bounds Read •