|
256921
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2024-6991
|
2024-08-8 07:09 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256922
|
3.1 |
LOW
Network
|
google
|
chrome
|
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium secur…
|
CWE-362
Race Condition
|
CVE-2024-6996
|
2024-08-8 07:06 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256923
|
- |
|
-
|
-
|
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox …
|
-
|
CVE-2024-7519
|
2024-08-8 06:35 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256924
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML…
|
NVD-CWE-noinfo
|
CVE-2024-7001
|
2024-08-8 06:33 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256925
|
7.5 |
HIGH
Network
|
zscaler
|
client_connector
|
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-23456
|
2024-08-8 06:30 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256926
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-23460
|
2024-08-8 06:29 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256927
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscale…
|
CWE-346
Origin Validation Error
|
CVE-2024-23458
|
2024-08-8 06:29 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256928
|
6.5 |
MEDIUM
Network
|
zscaler
|
client_connector
|
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2023-28806
|
2024-08-8 06:29 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256929
|
8.8 |
HIGH
Network
|
datagear
|
datagear
|
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMappe…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2024-7552
|
2024-08-8 06:29 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256930
|
9.8 |
CRITICAL
Network
|
zscaler
|
client_connector
|
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
|
CWE-78
OS Command
|
CVE-2024-23483
|
2024-08-8 06:23 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
