CVE-2024-2849
Published: 2024-03-23
CVE-2024-2849: A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the…
Priority: P2 · 61 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.91% (55.5th percentile)
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ganeshrkt | simple_file_manager_web_app | — | — |
| msrc | microsoft_edge | — | — |
| sourcecodester | simple_file_manager | — | — |
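CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_msrc | — | 8.8 | HIGH | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |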
GHSA
GHSA-9rc6-45fq-m9ff: A vulnerability classified as critical was found in SourceCodester Simple File Manager 1
ghsa_unreviewed·2024-03-23
CVE-2024-2849 [MEDIUM] CWE-434 GHSA-9rc6-45fq-m9ff: A vulnerability classified as critical was found in SourceCodester Simple File Manager 1
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.
Microsoft
Chromium: CVE-2024-10827 Use after free in Serial
vendor_msrc·2024-11-12·CVSS 8.8
CVE-2024-10827 [HIGH] Chromium: CVE-2024-10827 Use after free in Serial
Chromium: CVE-2024-10827 Use after free in Serial
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.80 | 11/07/2024 | 130.0.6723.117 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Chromium: CVE-2024-10826 Use after free in Family Experiences
vendor_msrc·2024-11-12·CVSS 8.8
CVE-2024-10826 [HIGH] Chromium: CVE-2024-10826 Use after free in Family Experiences
Chromium: CVE-2024-10826 Use after free in Family Experiences
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.80 | 11/07/2024 | 130.0.6723.117 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the b
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 6.5
CVE-2024-43596 [MEDIUM] CWE-843 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
Microsoft Ed
Microsoft
Chromium: CVE-2024-9963 Insufficient data validation in Downloads
vendor_msrc·2024-10-08·CVSS 4.3
CVE-2024-9963 [MEDIUM] Chromium: CVE-2024-9963 Insufficient data validation in Downloads
Chromium: CVE-2024-9963 Insufficient data validation in Downloads
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of th
Microsoft
Chromium: CVE-2024-9966 Inappropriate implementation in Navigations
vendor_msrc·2024-10-08·CVSS 5.3
CVE-2024-9966 [MEDIUM] Chromium: CVE-2024-9966 Inappropriate implementation in Navigations
Chromium: CVE-2024-9966 Inappropriate implementation in Navigations
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 7.6
CVE-2024-43578 [HIGH] CWE-122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: How could an attacker exploit this vulnerability via the Network?
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.
FAQ: According to the CVSS metrics, su
Microsoft
Chromium: CVE-2024-9961 Use after free in Parcel Tracking
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-9961 [HIGH] Chromium: CVE-2024-9961 Use after free in Parcel Tracking
Chromium: CVE-2024-9961 Use after free in Parcel Tracking
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browse
Microsoft
Chromium: CVE-2024-9960 Use after free in Dawn
vendor_msrc·2024-10-08·CVSS 7.5
CVE-2024-9960 [HIGH] Chromium: CVE-2024-9960 Use after free in Dawn
Chromium: CVE-2024-9960 Use after free in Dawn
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your
Microsoft
Chromium: CVE-2024-9954 Use after free in AI
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-9954 [HIGH] Chromium: CVE-2024-9954 Use after free in AI
Chromium: CVE-2024-9954 Use after free in AI
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your M
Microsoft
Chromium: CVE-2024-9965 Insufficient data validation in DevTools
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-9965 [HIGH] Chromium: CVE-2024-9965 Insufficient data validation in DevTools
Chromium: CVE-2024-9965 Insufficient data validation in DevTools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the
Microsoft
Chromium: CVE-2024-9959 Use after free in DevTools
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-9959 [HIGH] Chromium: CVE-2024-9959 Use after free in DevTools
Chromium: CVE-2024-9959 Use after free in DevTools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 5.9
CVE-2024-43587 [MEDIUM] CWE-122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely
Microsoft
Chromium: CVE-2024-9962 Inappropriate implementation in Permissions
vendor_msrc·2024-10-08·CVSS 4.3
CVE-2024-9962 [MEDIUM] Chromium: CVE-2024-9962 Inappropriate implementation in Permissions
Chromium: CVE-2024-9962 Inappropriate implementation in Permissions
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of
Microsoft
Chromium: CVE-2024-9955 Use after free in Web Authentication
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-9955 [HIGH] Chromium: CVE-2024-9955 Use after free in Web Authentication
Chromium: CVE-2024-9955 Use after free in Web Authentication
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the bro
Microsoft
Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture
vendor_msrc·2024-10-08·CVSS 4.3
CVE-2024-9958 [MEDIUM] Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture
Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the versio
Microsoft
Chromium: CVE-2024-9964 Inappropriate implementation in Payments
vendor_msrc·2024-10-08·CVSS 4.3
CVE-2024-9964 [MEDIUM] Chromium: CVE-2024-9964 Inappropriate implementation in Payments
Chromium: CVE-2024-9964 Inappropriate implementation in Payments
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2024-10-08·CVSS 4.3
CVE-2024-43577 [MEDIUM] CWE-449 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker would have to send the victim a malicious file that the victim would have to execute.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: How could an attacker exploit this vulnerability via the Network?
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would h
Microsoft
Chromium: CVE-2024-10487: Out of bounds write in Dawn
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-10487 [HIGH] Chromium: CVE-2024-10487: Out of bounds write in Dawn
Chromium: CVE-2024-10487: Out of bounds write in Dawn
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.68 | 10/31/2024 | 130.0.6723.91/.92 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browse
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 7.5
CVE-2024-43566 [HIGH] CWE-190 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
Microsoft Ed
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 7.6
CVE-2024-43579 [HIGH] CWE-122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What is the impact of this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality), make changes to disclosed information (Integrity), and they might be able to force a crash within the browser tab (Availability).
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is
Microsoft
Chromium: CVE-2024-10488 Use after free in WebRTC
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-10488 [HIGH] Chromium: CVE-2024-10488 Use after free in WebRTC
Chromium: CVE-2024-10488 Use after free in WebRTC
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.68 | 10/31/2024 | 130.0.6723.91/.92 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 6.5
CVE-2024-43595 [MEDIUM] CWE-126 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
Microsoft Ed
Microsoft
Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication
vendor_msrc·2024-10-08·CVSS 7.8
CVE-2024-9956 [HIGH] Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication
Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the vers
Microsoft
Chromium: CVE-2024-9957 Use after free in UI
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-9957 [HIGH] Chromium: CVE-2024-9957 Use after free in UI
Chromium: CVE-2024-9957 Use after free in UI
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your M
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2024-10-08·CVSS 5.9
CVE-2024-49023 [MEDIUM] CWE-416 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
FAQ: How could an attacker exploit this vulnerability via the Network?
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.
FAQ: According to the CVSS metrics, su
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-23
Published