Search CVE reports
31 – 40 of 39796 results
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails...
1 affected package
node-markdown-it
| Package | 24.04 LTS |
|---|---|
| node-markdown-it | Needs evaluation |
UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints...
1 affected package
node-ua-parser-js
| Package | 24.04 LTS |
|---|---|
| node-ua-parser-js | Needs evaluation |
Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to...
1 affected package
php-symfony-polyfill
| Package | 24.04 LTS |
|---|---|
| php-symfony-polyfill | Needs evaluation |
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML...
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium...
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
2 affected packages
chromium-browser, libskia
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
| libskia | Not in release |
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |