161
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted H…
Update
|
CWE-416
Use After Free
|
CVE-2022-4921
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
162
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2022-4920
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
163
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2022-4919
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
164
|
8.8 |
HIGH
Network
|
apache
|
nifi
|
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a l…
Update
|
CWE-94
Code Injection
|
CVE-2023-36542
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
165
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (…
Update
|
CWE-416
Use After Free
|
CVE-2021-4322
|
2024-10-3 23:35 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
166
|
5.4 |
MEDIUM
Network
|
themedy
|
toolbox
|
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9177
|
2024-10-3 23:32 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
167
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: fix panic caused by partcmd_update
We find a bug as below:
BUG: unable to handle page fault for address: 00000003
…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44975
|
2024-10-3 23:32 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
168
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: do not call do_slab_free for kfence object
In 782f8906f805 the freeing of kfence objects was moved from deep
inside do_…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44973
|
2024-10-3 23:23 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
169
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
When all the strides in a WQE have been consumed, the WQE is unlinked
from t…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44970
|
2024-10-3 23:22 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
170
|
7.5 |
HIGH
Network
cisco
|
ios_xr
|
A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-20304
|
2024-10-3 23:20 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|