Debian: Security Advisory (DSA-4020-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : chromium (openSUSE-2017-1221)

This update to Chromium 62.0.3202.75 fixes the following security issues : - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...

Security update for chromium (important)

This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...

chromium-browser: uxss with mhtml

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

Webkit (Chome 61) - MHTML Universal Cross-site Scripting

Webkit Chome 61 - MHTML Universal Cross-site Scripting MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location:...

Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting

MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location: https://google.com alert'Location origin:...

Code injection

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

CVE-2017-7678

CVE-2017-7678 affects Apache Spark up to version 2.2.0, where the web UI may reflect user-supplied data (including MHTML) back to the user. The root cause is improper validation of input by the Spark web UI, allowing an attacker to lure a user into a link pointing to a shared Spark cluster and tr...

MS11-037: Vulnerability in MHTML could allow information disclosure: June 14, 2011

MS11-037: Vulnerability in MHTML could allow information disclosure: June 14, 2011 INTRODUCTION Microsoft has released security bulletin MS11-037. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

chromium-browser: various fixes from internal audits

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

Google Chrome PageCaptureSaveAsMHTMLFunction::ReturnFailure Denial of Service Vulnerability

Google Chrome is a web browsing tool developed by Google. Google Chrome versions prior to 49.0.2623.108, browser/extensions/api/pagecapture/pagecaptureapi.cc/PageCaptureSaveAsMHTMLFunction:. A denial of service vulnerability exists in the ReturnFailure implementation, which can be exploited by...

CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

Design/Logic Flaw

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

UBUNTU-CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

CVE-2016-1650

Removed by vendor...

CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

Microsoft Internet Explorer MHTML Content Blocks Information Disclosure - Ver2 (CVE-2011-0096)

MHTML MIME Encapsulation of Aggregate HTML is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Microsoft Windows MHTML protocol. The vulnerability is due to the way MHTML interprets MIME-formatted...

CVE-2014-0968

Cross-site scripting XSS vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject...

Cross site scripting

Cross-site scripting XSS vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject...