Monthly
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Citrix ADC and Gateway contain an unauthenticated remote code execution vulnerability exploited by APT5 (Chinese state-sponsored) in zero-day attacks against critical infrastructure in December 2022.
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Citrix ADC and Gateway contain an unauthenticated remote code execution vulnerability exploited by APT5 (Chinese state-sponsored) in zero-day attacks against critical infrastructure in December 2022.