CVE-2024-3844

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-358
View all →

Vulnerability Description

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Related Vulnerabilities

CVE-2017-2604

MEDIUM
CVSS:4.3(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

CWE-3582017

CVE-2017-2611

MEDIUM
CVSS:4.3(Medium)

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permiss...

CWE-3582017

CVE-2020-10743

MEDIUM
CVSS:4.3(Medium)

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to...

CWE-3582020

CVE-2022-27219

MEDIUM
CVSS:4.3(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. T...

CWE-3582022

CVE-2022-27220

MEDIUM
CVSS:4.3(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. ...

CWE-3582022

CVE-2024-33510

MEDIUM
CVSS:4.3(Medium)

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16...

CWE-3582024