Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipe…

Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19. on All devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands.

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 124.0.6367.34 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

Overview   The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35)   Descriptio…

Overview   XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back i…

Overview   XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back i…

Overview   The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79)   Description   Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.…

Overview   The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35)   Descriptio…

Overview   The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)   Description   Hitachi Vantara Pentaho D…