CVSS: 10.0 • EPSS: 1% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst ... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) ... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-474: Use of Function with Inconsistent Implementations

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 1% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary ... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst ... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbi... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbi... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 19% • CPEs: 3 • EXPL: 0

11 Jun 2024 — Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead ... • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 5.9 • EPSS: 0% • CPEs: 4 • EXPL: 1

09 Jun 2024 — The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous re... • https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864 • CWE-203: Observable Discrepancy • CWE-385: Covert Timing Channel

CVSS: 10.0 • EPSS: 94% • CPEs: 5 • EXPL: 71

09 Jun 2024 — In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. ... • https://packetstorm.news/files/id/179085 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')