22 matches found
CVE-2025-52635
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0...
EUVD-2018-10081
Malware in sbrugna...
EUVD-2018-17833
Malware in sbrugna...
SUSE-SU-2025:02531-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 140.1.0 ESR MFSA-RESERVE-2025-1968423 bmo1968423 JavaScript engine only wrote partial return value to stack MFSA-RESERVE-2025-1971581 bmo1971581 Large branch table could lead to truncated instruction...
PT-2024-29485 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions 10.0.0 through 24.7.0 Description: The issue allows an unsanitized payload sent by an Integration platform integration to store arbitrary HTML tags on the Sentry side, which could be rendered on the Issues page. This creates a...
PT-2020-6884 · Apple +7 · Ipados +14
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6 iPadOS versions prior to 13.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 Safari versions prior to 13.1.2 iTunes versions prior to 12.10.8 for Windows iCloud for Windows versions prior to 11.3 iClo...
DEBIAN-CVE-2020-6501
Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2020-6501
Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page...
Design/Logic Flaw
Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-6114
Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-18350
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-18350
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-18350
CVE-2018-18350 is part of a set of Chromium/browser CSP-policy issues fixed in the 71.0.3578.80 update. The described vulnerability is an access/ CSP enforcement bypass in Blink during navigations, allowing a crafted HTML page to bypass content security policy and potentially lead to arbitrary co...
CVE-2018-18350
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-18350
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-18350
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
Design/Logic Flaw
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
CVE-2018-6070 is a CSP bypass vulnerability in Google Chrome/Chromium where an attacker could lure a user to install a crafted extension to bypass Content Security Policy. Technical details across connected records confirm the flaw resides in how extensions interact with WebUI CSP enforcement, en...