
271 matches found

CVE
added 2017/12/12 2:0 p.m., 46 views

CVE-2017-16690

CVE-2017-16690 describes a DLL preloading vulnerability in SAP Plant Connectivity (NwSapSetup/SAPSetup) where DLLs (e.g., DWMAPI.dll) may be loaded from the executable’s folder rather than system folders. Root cause: the loader uses the local folder before system directories, enabling code execut...

7.8 CVSS, 7.6 AI score, 0.01057 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2017/11/16 7:29 a.m., 8 views

Input validation

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working director...

7.2 CVSS, 6.7 AI score, 0.00536 EPSS
Exploits 0, References 2
CVE
added 2017/11/16 7:0 a.m., 52 views

CVE-2017-12313

CVE-2017-12313 affects Cisco Network Academy Packet Tracer. The issue is an untrusted search path (DLL Preload) vulnerability caused by insufficient input validation of DLL paths/filenames before loading. A local, authenticated user with administrative privileges could place a crafted DLL in a ta...

7.2 CVSS, 6.8 AI score, 0.00536 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2017/11/16 7:0 a.m., 19 views

CVE-2017-12313

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working director...

6.8 AI score, 0.00536 EPSS
Exploits 0, References 2
RedHat Linux
added 2017/06/21 3:11 p.m., 5 views

glibc: heap/stack gap jumping via unbounded stack allocations

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...

7.8 CVSS, 7 AI score, 0.02733 EPSS
Exploits 14, References 6
Hacker One
added 2017/06/21 11:35 a.m., 220 views

Paragon Initiative Enterprises: Non-secure requests are not automatically upgraded to HTTPS

Non-secure requests to bridge.cspr.ng e.g. http://bridge.cspr.ng/ are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because bridge.cspr.ng is HSTS preloaded. When a domain is...

6.6 AI score
Exploits 0
RedHat Linux
added 2017/06/19 7:36 p.m., 6 views

glibc: heap/stack gap jumping via unbounded stack allocations

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...

7.8 CVSS, 7 AI score, 0.02733 EPSS
Exploits 14, References 6
RedHat Linux
added 2017/06/19 6:49 p.m., 5 views

glibc: heap/stack gap jumping via unbounded stack allocations

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...

7.8 CVSS, 7 AI score, 0.02733 EPSS
Exploits 14, References 6
Positive Technologies
added 2017/06/08 12:0 a.m., 9 views

PT-2017-3348

Name of the Vulnerable Software and Affected Versions: Embedthis GoAhead versions prior to 3.6.5. Description: The issue is related to the initialization of the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function. This can be abused for remote code...

8.1 CVSS, 8.4 AI score, 0.96327 EPSS
Exploits 15, References 21
OSV
added 2017/03/02 8:59 p.m., 6 views

CVE-2017-5233

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...

7.8 CVSS, 5.8 AI score, 0.00875 EPSS
Exploits 0, References 2
BDU FSTEC
added 2016/09/19 12:0 a.m., 10 views

The vulnerability of Google Chrome browser allows a perpetrator to bypass the protective mechanisms of CSP.

The vulnerability in the WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp file of the Google Chrome browser’s Blink component relates to the lack of checks for links within an HTML document during its loading. Exploiting this vulnerability allows a malicious actor to circumvent the Content...

4.3 CVSS, 7.1 AI score, 0.01604 EPSS
Exploits 0, References 4, Affected Software 1
OpenVAS
added 2016/08/22 12:0 a.m., 51 views

SSL/TLS: `preload` Missing in HSTS Header

The remote web server is missing the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.105878";...

7.5 AI score
Exploits 0, References 6
CNVD
added 2016/07/27 12:0 a.m., 3 views

Google Chrome CSP Protection Mechanism Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. Google Chrome versions prior to 52.0.2743.82, Blink/WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp does not take into account the referrer-policy information of the HTML document during the preload request, which could allow a remot...

6.5 CVSS, 8.9 AI score, 0.01604 EPSS
Exploits 0, References 1
RedHat Linux
added 2016/07/26 5:18 a.m., 2 views

chromium-browser: content-security-policy bypass

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...

6.5 CVSS, 7.4 AI score, 0.01604 EPSS
Exploits 0, References 5
OSV
added 2016/07/23 7:59 p.m., 1 views

CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...

6.5 CVSS, 7 AI score, 0.01604 EPSS
Exploits 0, References 13
NVD
added 2016/07/23 7:59 p.m., 12 views

CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...

6.5 CVSS, 7 AI score, 0.01604 EPSS
Exploits 0, References 13
Prion
added 2016/07/23 7:59 p.m., 14 views

Design/Logic Flaw

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...

4.3 CVSS, 6.1 AI score, 0.01604 EPSS
Exploits 0, References 13, Affected Software 1
CVE
added 2016/07/23 7:0 p.m., 99 views

CVE-2016-5135

Summary of CVE-2016-5135: In Blink’s HTMLPreloadScanner.cpp, the preload path did not take into account the referrer-policy within an HTML document, enabling a CSP bypass via a crafted site that uses a CSP header like Content-Security-Policy: referrer origin-when-cross-origin to override a meta r...

6.5 CVSS, 6.8 AI score, 0.01604 EPSS
Exploits 0, References 13, Affected Software 1
Cvelist
added 2016/07/23 7:0 p.m., 16 views

CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...

7 AI score, 0.01604 EPSS
Exploits 0, References 13
OSV
added 2016/07/23 12:0 a.m., 2 views

UBUNTU-CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanis...

6.5 CVSS, 7 AI score, 0.01604 EPSS
Exploits 0, References 4