CVE-2024-3845

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-358
View all →

Vulnerability Description

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

Related Vulnerabilities

CVE-2016-10229

CRITICAL
CVSS:9.8(Critical)

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with t...

CWE-3582016

CVE-2023-3266

CRITICAL
CVSS:9.8(Critical)

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated atta...

CWE-3582023

CVE-2018-0268

CRITICAL
CVSS:10.0(Critical)

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated priv...

CWE-3582018

CVE-2019-6742

CRITICAL
CVSS:10.0(Critical)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. T...

CWE-3582019

CVE-2023-39403

CRITICAL
CVSS:9.1(Critical)

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CWE-3582023

CVE-2016-10834

HIGH
CVSS:8.8(High)

cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

CWE-3582016