SUSE CVE-2015-1248

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...

GHSA-PWRJ-F53C-F89J OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem:// URL in the image location property. NOTE: this vulnerability exists because of...

Google Chrome Content Security Policy Access Restriction Bypass Vulnerability (CNVD-2015-07973)

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the WebKit/Source/core/frame/csp/CSPSourceList.cpp file in the Content Security Policy CSP implementation of Google Chrome prior to version 47.0.2526.73 in the '...

The vulnerability of the File System API interface of Google Chrome allows a remote attacker to bypass the SafeBrowsing security mechanism.

The vulnerability of the Google Chrome browser’s File System API allows a malicious actor to bypass the SafeBrowsing security mechanism for executable files. This can be achieved by creating an executable file in a temporary file system, and then accessing it using a request of the...

chromium-browser: SafeBrowsing bypass

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

Design/Logic Flaw

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...