CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9858 – Insecure user permissions in Google Cloud Migrate to Containers for Windows
https://notcve.org/view.php?id=CVE-2024-9858
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond Existe un permiso de usuario predeterminado inseguro en las instalaciones de Google Cloud Migrate to Containers desde la versión 1.1.0 a la 1.2.2 de Windows. Se otorgaron privilegios de administrador a un "m2cuser" local. • https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024 • CWE-276: Incorrect Default Permissions •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9966
https://notcve.org/view.php?id=CVE-2024-9966
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/364773822 •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9965
https://notcve.org/view.php?id=CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/352651673 •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9964
https://notcve.org/view.php?id=CVE-2024-9964
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/361711121 •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9963
https://notcve.org/view.php?id=CVE-2024-9963
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/328278718 •