CyberSecurityBoard
Sponsor Register Login

CVE-2025-1920

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publication date: Mon, 10 Mar 2025 00:00:00 +0000


Cyber News related to CVE-2025-1920

CVE-2024-26748 - In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831 usb_gadget_giveback_request(&priv_ep->endpoint, 832 ...
1 year ago Tenable.com
Chrome Security Update - Patch for Multiple High-Severity Vulnerabilities - The repeated appearance of type confusion flaws suggests that Chrome’s JavaScript engine remains a high-value target for attackers, necessitating continuous scrutiny by Google’s security teams. This update follows a pattern of heightened scrutiny ...
2 months ago Cybersecuritynews.com CVE-2025-1920
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
2 months ago Cybersecuritynews.com CVE-2024-5594
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
3 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
CVE-2025-1920 - Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ...
2 months ago CVE-2025-1920 CVE-2025-2135
Microsoft has started testing Wi-Fi 7 support in Windows 11 - Microsoft has started testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. Introduced last month, Wi-Fi 7 brings notable advancements, ...
1 year ago Bleepingcomputer.com
Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
2 months ago Bleepingcomputer.com CVE-2025-30456
CVE-2010-1920 - Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] ...
15 years ago
CVE-2020-1920 - A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version ...
2 years ago
CVE-2021-1920 - Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, ...
3 years ago
CVE-2002-1920 - Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. ...
16 years ago
CVE-2015-1920 - IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. ...
8 years ago
CVE-2004-1920 - X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. ...
7 years ago
CVE-2006-1920 - SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of ...
7 years ago
CVE-2011-1920 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. ...
7 years ago
CVE-2013-1920 - Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes ...
7 years ago
CVE-2007-1920 - SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php. ...
7 years ago
CVE-2012-1920 - @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. ...
7 years ago
CVE-2016-1920 - Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. ...
6 years ago
CVE-2008-1920 - Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. ...
6 years ago
CVE-2005-1920 - The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive ...
6 years ago
CVE-2009-1920 - The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a ...
6 years ago
CVE-2018-1920 - IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM ...
5 years ago
CVE-2019-1920 - A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability ...
4 years ago
CVE-2022-1920 - Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)