Lucene search
K

100 matches found

OSV
OSV
added 2019/07/05 11:15 p.m.9 views

AZL-41613 CVE-2019-10638 affecting package hyperv-daemons for versions less than 6.6.35.1-1

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP. When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions of indices to the counter...

6.5CVSS6.6AI score0.02571EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/10/24 10:6 p.m.5 views

chromium-browser: URL spoof in Omnibox

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3CVSS7.4AI score0.01212EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/03/12 6:21 p.m.7 views

chromium-browser: incorrect handling of url fragment identifiers in blink

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...

6.1CVSS7.4AI score0.01159EPSS
Exploits0References5
CNVD
CNVD
added 2017/05/05 12:0 a.m.9 views

Google Chrome Omnibox URL Forgery Vulnerability (CNVD-2017-07272)

Google Chrome is a web browser developed by Google Inc. in the United States. A URL forgery vulnerability exists in Google Chrome Omnibox, which allows remote attackers to exploit this vulnerability by submitting a special WEB page and tricking the user into parsing it, which can be used to spoof...

5.3CVSS8.7AI score0.01204EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/03/23 12:0 a.m.8 views

The vulnerability of the Windows operating system allows a perpetrator to obtain confidential information from the process memory.

The vulnerability of the Uniscribe component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, acting remotely, to obtain confidential information from the process’s memory through a specially crafted web...

4.3CVSS5.8AI score0.22471EPSS
Exploits0References3
CNVD
CNVD
added 2017/03/07 12:0 a.m.2 views

Cross-Site Scripting Vulnerability in Laravel PHP Framework

Laravel PHP Framework is a CMS system based on the php language. A cross-site scripting vulnerability exists in Laravel PHP Framework. The program fails to filter user-supplied input, which allows an attacker to construct a malicious web page and trick users into parsing it to execute arbitrary...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/12/27 12:0 a.m.7 views

Microsoft Edge browser vulnerability, allowing attackers to gain access to the “My Documents” folder

The vulnerability of Microsoft Edge relates to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to the “My Documents” folder through a specially crafted web page...

2.6CVSS7.2AI score0.64892EPSS
Exploits0References4
OSV
OSV
added 2016/10/05 9:59 p.m.3 views

CVE-2016-6426

The jspringsecurityswitchuser function in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653...

7.5CVSS5.8AI score0.01301EPSS
Exploits0References3
CNVD
CNVD
added 2016/04/27 12:0 a.m.3 views

Google Chrome pdfium Heap Memory Misreference Vulnerability

Google Chrome is an open source WEB browser. Google Chrome pdfium handling suffers from a heap memory misreference vulnerability that allows an attacker to construct a malicious WEB page and trick the user into parsing it, which can crash the application or execute arbitrary code...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2015/09/27 12:0 a.m.1 views

Mozilla Firefox and Firefox ESR 'ReadbackResultWriterD3D11::Run' Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox 'ReadbackResultWriterD3D11::Run' function, which allows attackers to construct a malicious WEB page and trick the user into parsing it, which can crash the application or execute arbitrary code...

7.5CVSS9.1AI score0.03467EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.1 views

Apple Safari Cross-Domain Image Data Access Vulnerability

Apple Safari is an open source WEB browser. A security vulnerability exists in Apple Safari that allows remote attackers to exploit a vulnerability to construct malicious WEB pages that can be tricked into parsing by the user to access image data across domains...

5CVSS6.5AI score0.02655EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/20 12:0 a.m.1 views

Unspecified vulnerability in Oracle MySQL Server:Optimizer component (CNVD-2015-04910)

Oracle MySQL Server is a relational and popular database. A security vulnerability exists in the Server:Optimizer subcomponent of Oracle MySQL Server, which can be exploited by remote attackers to construct a malicious WEB page and trick users into parsing it, which can impact system availability...

3.5CVSS7.2AI score0.06964EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/12 12:0 a.m.1 views

Adobe Flash Player and AIR Heap Buffer Overflow Vulnerability (CNVD-2015-04556 )

Adobe Flash Player is a player that parses SWF content. Adobe AIR is a technology developed for the integration of web and desktop applications, which allows you to control cloud-based programs on the web without having to go through a browser. A heap buffer overflow vulnerability exists in the...

10CVSS7.8AI score0.27251EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/07 12:0 a.m.3 views

Oracle Data Quality TSS12.DscXB.XB ActiveX Control Memory Misreference Vulnerability

Oracle Data Quality is a suite of software that provides a comprehensive data quality management environment. A memory misreference vulnerability in the onloadstatechange method of the TSS12.DscXB.XB ActiveX control in Oracle Data Quality allows remote attackers to construct a malicious WEB page...

6.8CVSS7.7AI score0.0189EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/26 12:0 a.m.3 views

Google Chrome Speech Memory Misreference Vulnerability

Google Chrome is a simple and efficiently designed web browsing tool developed by Google. A memory misreference vulnerability in the Google Chrome Speech implementation browser/speech/ttsmessagefilter.cc allows attackers to exploit the vulnerability to construct a malicious WEB page that can be...

7.5CVSS7.3AI score0.01605EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2009/06/11 10:41 p.m.3 views

Firefox information disclosure flaw

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...

5.4CVSS5.9AI score0.07124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2005/09/22 8:16 p.m.5 views

security flaw

Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla...

6.4CVSS6AI score0.02763EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2004/11/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup...

5CVSS5.9AI score0.33081EPSS
Exploits1References1
Packet Storm
Packet Storm
added 1999/12/09 12:0 a.m.23 views

ie.frameloop.txt

Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability PROBLEM: It is possible to create a malicious webpage that when visited by an IE user all of their system resources are devoured and depending on the system its possible that the machine can even crash and reboot itself. The reason yo...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1999/10/11 12:0 a.m.13 views

Microsoft Internet Explorer 5.04.0.1 - iFrame

Microsoft Internet Explorer 5.04.0.1 - iFrame Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a...

7.4AI score
Exploits0
Rows per page
Query Builder