727 matches found
PYSEC-2019-11
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...
Xiaomi Mi6 Browser Authorization Bypass Vulnerability
Xiaomi Mi6 Browser is a web browser from Xiaomi Technology Xiaomi, a Chinese company. An authorization bypass vulnerability exists in Xiaomi Mi6 Browser. An attacker can exploit this vulnerability to bypass authorization with a specially crafted HTML response...
UBUNTU-CVE-2018-6148
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
UBUNTU-CVE-2019-5810
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
XSS Vulnerability at Private Messages in JEESNS System
JEESNS is an open source social management system developed on the JAVA enterprise level platform. JEESNS system at the private message XSS vulnerability , an attacker can use the vulnerability to inject arbitrary Web script or HTML...
CVE-2019-11641
Anomali Agave formerly Drupot through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...
The vulnerability of Google Chrome, related to improper input data validation, allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome is related to an incorrect optimization assumption in the V8 module. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in a isolated software environment, using a specially created HTML page...
UBUNTU-CVE-2019-5760
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
chromium-browser: Use after free in Blink
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
The vulnerability of the MediaRecorder component in the Google Chrome web browser, which allows a hacker to trigger a service failure
The vulnerability of the MediaRecorder component in the Google Chrome web browser arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially created HTML page...
CVE-2016-9651
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23270)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript . A cross-site scripting vulnerability exists in affix in Bootstrap versions prior to 3.4.0, which can be exploited by remote attackers to inject arbitrary web script or HTML...
CVE-2018-6095
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page...
UBUNTU-CVE-2018-6094
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2018-6076
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...
CVE-2018-8564
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge...
The vulnerability of the Chrome web browser’s angle library, allowing a hacker to execute arbitrary code
The vulnerability of the Chrome web browser’s angle library arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code, cause system failures, or disclose sensitive information through a specially...
DEBIAN-CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
Google Chrome Extensions UI Spoofing Vulnerability
Google Chrome is a web browser developed by Google, Inc.Extensions is one of the browser extensions. A security vulnerability exists in Extensions in Google Chrome versions prior to 70.0.3538.67. The vulnerability can be exploited by remote attackers to spoof the contents of an extension pop-up...
chromium-browser: User confirmation bypass in external protocol handling
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...