Page 78 of 703 results (0.032 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Core en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Chrome has an issue where raw_ptr broke implicit scoped_refptr for receivers in base::Bind. • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1335458 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. Una aplicación insuficiente de políticas en DevTools en Google Chrome en Windows versiones anteriores a 103.0.5060.53, permitía que un atacante que convenciera a un usuario de instalar una extensión maliciosa obtuviera información potencialmente confidencial de los archivos locales de un usuario por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1116450 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. La aplicación insuficiente de políticas en la API del sistema de archivos de Google Chrome en Windows versiones anteriores a 103.0.5060.53, permitía a un atacante remoto omitir el acceso al sistema de archivos por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1307930 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. • https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333 https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url • CWE-674: Uncontrolled Recursion •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. Una Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 8.,2 • https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-476: NULL Pointer Dereference •