100 matches found
AZL-41613 CVE-2019-10638 affecting package hyperv-daemons for versions less than 6.6.35.1-1
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP. When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions of indices to the counter...
chromium-browser: URL spoof in Omnibox
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
chromium-browser: incorrect handling of url fragment identifiers in blink
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...
Google Chrome Omnibox URL Forgery Vulnerability (CNVD-2017-07272)
Google Chrome is a web browser developed by Google Inc. in the United States. A URL forgery vulnerability exists in Google Chrome Omnibox, which allows remote attackers to exploit this vulnerability by submitting a special WEB page and tricking the user into parsing it, which can be used to spoof...
The vulnerability of the Windows operating system allows a perpetrator to obtain confidential information from the process memory.
The vulnerability of the Uniscribe component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, acting remotely, to obtain confidential information from the process’s memory through a specially crafted web...
Cross-Site Scripting Vulnerability in Laravel PHP Framework
Laravel PHP Framework is a CMS system based on the php language. A cross-site scripting vulnerability exists in Laravel PHP Framework. The program fails to filter user-supplied input, which allows an attacker to construct a malicious web page and trick users into parsing it to execute arbitrary...
Microsoft Edge browser vulnerability, allowing attackers to gain access to the “My Documents” folder
The vulnerability of Microsoft Edge relates to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to the “My Documents” folder through a specially crafted web page...
CVE-2016-6426
The jspringsecurityswitchuser function in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653...
Google Chrome pdfium Heap Memory Misreference Vulnerability
Google Chrome is an open source WEB browser. Google Chrome pdfium handling suffers from a heap memory misreference vulnerability that allows an attacker to construct a malicious WEB page and trick the user into parsing it, which can crash the application or execute arbitrary code...
Mozilla Firefox and Firefox ESR 'ReadbackResultWriterD3D11::Run' Buffer Overflow Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox 'ReadbackResultWriterD3D11::Run' function, which allows attackers to construct a malicious WEB page and trick the user into parsing it, which can crash the application or execute arbitrary code...
Apple Safari Cross-Domain Image Data Access Vulnerability
Apple Safari is an open source WEB browser. A security vulnerability exists in Apple Safari that allows remote attackers to exploit a vulnerability to construct malicious WEB pages that can be tricked into parsing by the user to access image data across domains...
Unspecified vulnerability in Oracle MySQL Server:Optimizer component (CNVD-2015-04910)
Oracle MySQL Server is a relational and popular database. A security vulnerability exists in the Server:Optimizer subcomponent of Oracle MySQL Server, which can be exploited by remote attackers to construct a malicious WEB page and trick users into parsing it, which can impact system availability...
Adobe Flash Player and AIR Heap Buffer Overflow Vulnerability (CNVD-2015-04556 )
Adobe Flash Player is a player that parses SWF content. Adobe AIR is a technology developed for the integration of web and desktop applications, which allows you to control cloud-based programs on the web without having to go through a browser. A heap buffer overflow vulnerability exists in the...
Oracle Data Quality TSS12.DscXB.XB ActiveX Control Memory Misreference Vulnerability
Oracle Data Quality is a suite of software that provides a comprehensive data quality management environment. A memory misreference vulnerability in the onloadstatechange method of the TSS12.DscXB.XB ActiveX control in Oracle Data Quality allows remote attackers to construct a malicious WEB page...
Google Chrome Speech Memory Misreference Vulnerability
Google Chrome is a simple and efficiently designed web browsing tool developed by Google. A memory misreference vulnerability in the Google Chrome Speech implementation browser/speech/ttsmessagefilter.cc allows attackers to exploit the vulnerability to construct a malicious WEB page that can be...
Firefox information disclosure flaw
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...
security flaw
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla...
VulnCheck KEV: CVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup...
ie.frameloop.txt
Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability PROBLEM: It is possible to create a malicious webpage that when visited by an IE user all of their system resources are devoured and depending on the system its possible that the machine can even crash and reboot itself. The reason yo...
Microsoft Internet Explorer 5.04.0.1 - iFrame
Microsoft Internet Explorer 5.04.0.1 - iFrame Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a...