CVE-2024-9966

CVE-2024-9966

Título es
CVE-2024-9966

Mar, 15/10/2024 – 21:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-9966

Descripción en
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

15/10/2024
15/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/364773822

    • Enviar en el boletín
    Off

    CVE-2024-9965

    CVE-2024-9965

    Título es
    CVE-2024-9965

    Mar, 15/10/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9965

    Descripción en
    Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/352651673

    • Enviar en el boletín
    Off

    CVE-2024-9964

    CVE-2024-9964

    Título es
    CVE-2024-9964

    Mar, 15/10/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9964

    Descripción en
    Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/361711121

    • Enviar en el boletín
    Off

    CVE-2024-9963

    CVE-2024-9963

    Título es
    CVE-2024-9963

    Mar, 15/10/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9963

    Descripción en
    Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/328278718

    • Enviar en el boletín
    Off

    CVE-2024-9962

    CVE-2024-9962

    Título es
    CVE-2024-9962

    Mar, 15/10/2024 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9962

    Descripción en
    Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/364508693

    • Enviar en el boletín
    Off

    CVE-2024-9961

    CVE-2024-9961

    Título es
    CVE-2024-9961

    Mar, 15/10/2024 – 21:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9961

    Descripción en
    Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/357776197

    • Enviar en el boletín
    Off

    CVE-2024-9960

    CVE-2024-9960

    Título es
    CVE-2024-9960

    Mar, 15/10/2024 – 21:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9960

    Descripción en
    Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/354748063

    • Enviar en el boletín
    Off

    CVE-2024-9959

    CVE-2024-9959

    Título es
    CVE-2024-9959

    Mar, 15/10/2024 – 21:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9959

    Descripción en
    Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

    15/10/2024
    15/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

  • https://issues.chromium.org/issues/368672129

    • Enviar en el boletín
    Off

    CVE-2024-45085

    CVE-2024-45085

    Título es
    CVE-2024-45085

    Mar, 15/10/2024 – 22:15

    Tipo
    CWE-754

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45085

    Descripción en
    IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.

    16/10/2024
    16/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7173128

    • Enviar en el boletín
    Off

    CVE-2024-10004

    CVE-2024-10004

    Título es
    CVE-2024-10004

    Mar, 15/10/2024 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10004

    Descripción en
    Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS

    16/10/2024
    16/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1904885

  • https://www.mozilla.org/security/advisories/mfsa2024-54/

    • Enviar en el boletín
    Off