CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1059 – Gentoo Linux Security Advisory 202405-14
https://notcve.org/view.php?id=CVE-2024-1059
30 Jan 2024 — Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) El use after free en Peer Connection en Google Chrome anterior a 121.0.6167.139 permitía a un atacante remoto explotar potencialmente la corrupción de la pila a través de una página HTML manipulada. (Severidad de seguridad de Chromium: alta) Multiple vulnerabilities have been discovered in Chromium and its der... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-46838 – Linux: netback processing of zero-length transmit fragment
https://notcve.org/view.php?id=CVE-2023-46838
29 Jan 2024 — Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. Las solicitudes de transmisión ... • https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0809 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0809
23 Jan 2024 — Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada de Autocompletar en Google Chrome anterior a 121.0.6167.85 permitió a un atacante remoto evitar las restricciones de Autocompletar a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discovered in Chromium and its deriva... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-0811 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0811
23 Jan 2024 — Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) La implementación inadecuada en Extensions API en Google Chrome anterior a 121.0.6167.85 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para filtrar datos de orígenes cruzados a través de una extensión de Chrome manipula... • https://packetstorm.news/files/id/177172 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0804 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0804
23 Jan 2024 — Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) La aplicación insuficiente de políticas en iOS Security UI en Google Chrome anterior a 121.0.6167.85 permitió que un atacante remoto filtrara datos de orígenes cruzados a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in Chrom... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0805 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0805
23 Jan 2024 — Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) La implementación inadecuada en Downloads en Google Chrome anterior a 121.0.6167.85 permitió a un atacante remoto realizar una suplantación de dominio a través de un nombre de dominio manipulado. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in Chromium and its derivat... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0806 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0806
23 Jan 2024 — Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Use after free en Passwords en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una interacción de interfaz de usuario específica. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in Chromium... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0813 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0813
23 Jan 2024 — Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Use after free en Reading Mode en Google Chrome anterior a 121.0.6167.85 permitió a un atacante convencer a un usuario de instalar una extensión maliciosa para explotar potencialmente la corrupción del montón a través de una interacción específica de la interfaz... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0814 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0814
23 Jan 2024 — Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) La interfaz de usuario de seguridad incorrecta en Payments en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto falsificar potencialmente la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been disco... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2024-0808 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0808
23 Jan 2024 — Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) El desbordamiento de enteros en WebUI en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst ... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html • CWE-191: Integer Underflow (Wrap or Wraparound) •