CVE-2024-5274 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2024-5274
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
• https://github.com/mistymntncop/CVE-2024-5274
• https://github.com/Alchemist3dot14/CVE-2024-5274-Detection
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
• https://issues.chromium.org/issues/341663589
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-5166 – Insecure Direct Object Reference In Looker
https://notcve.org/view.php?id=CVE-2024-5166
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
• https://cloud.google.com/looker/docs/best-practices/query-id-update-instructions
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2024-5160
https://notcve.org/view.php?id=CVE-2024-5160
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html
• https://issues.chromium.org/issues/338161969
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF
• CWE-122: Heap-based Buffer Overflow
CVE-2024-5159
https://notcve.org/view.php?id=CVE-2024-5159
Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html
• https://issues.chromium.org/issues/335613092
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF
• CWE-122: Heap-based Buffer Overflow
• CWE-125: Out-of-bounds Read
CVE-2024-5158
https://notcve.org/view.php?id=CVE-2024-5158
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html
• https://issues.chromium.org/issues/338908243
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')