CVE-2024-7003

CVE-2024-7003

Título es
CVE-2024-7003

Mar, 06/08/2024 – 16:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-7003

Descripción en
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

06/08/2024
06/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/338233148

    • Enviar en el boletín
    Off

    CVE-2024-6997

    CVE-2024-6997

    Título es
    CVE-2024-6997

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6997

    Descripción en
    Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    06/08/2024
    06/08/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/325293263

    • Enviar en el boletín
    Off

    CVE-2024-7004

    CVE-2024-7004

    Título es
    CVE-2024-7004

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7004

    Descripción en
    Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/40063014

    • Enviar en el boletín
    Off

    CVE-2024-7001

    CVE-2024-7001

    Título es
    CVE-2024-7001

    Mar, 06/08/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7001

    Descripción en
    Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/347509736

    • Enviar en el boletín
    Off

    CVE-2024-7000

    CVE-2024-7000

    Título es
    CVE-2024-7000

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7000

    Descripción en
    Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/339877158

    • Enviar en el boletín
    Off

    CVE-2024-6999

    CVE-2024-6999

    Título es
    CVE-2024-6999

    Mar, 06/08/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6999

    Descripción en
    Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/340893685

    • Enviar en el boletín
    Off

    CVE-2024-6996

    CVE-2024-6996

    Título es
    CVE-2024-6996

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-362

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6996

    Descripción en
    Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/333708039

    • Enviar en el boletín
    Off

    CVE-2024-6994

    CVE-2024-6994

    Título es
    CVE-2024-6994

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6994

    Descripción en
    Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/339686368

    • Enviar en el boletín
    Off

    CVE-2024-6991

    CVE-2024-6991

    Título es
    CVE-2024-6991

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6991

    Descripción en
    Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    06/08/2024
    06/08/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

  • https://issues.chromium.org/issues/346618785

    • Enviar en el boletín
    Off

    CVE-2024-7564

    CVE-2024-7564

    Título es
    CVE-2024-7564

    Mar, 06/08/2024 – 16:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7564

    Descripción en
    Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.

    The specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680.

    06/08/2024
    06/08/2024
    Vector CVSS:3.1
    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.zerodayinitiative.com/advisories/ZDI-24-1021/

    • Enviar en el boletín
    Off