Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

89 matches found

OSV
OSVadded 2021/08/24 7:15 p.m.2 views

UBUNTU-CVE-2021-30897

An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...

6.5CVSS6.8AI score0.00312EPSS
Exploits0References3
AlpineLinux
AlpineLinuxadded 2021/08/24 6:50 p.m.41 views

CVE-2021-30897

An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...

6.5CVSS7.1AI score0.00312EPSS
Exploits0
CVE
CVEadded 2021/08/24 6:50 p.m.173 views

CVE-2021-30897

CVE-2021-30897 : The issue is in the resource timing API specification; the updated spec was implemented. It is fixed in macOS Monterey 12.0.1. A malicious site could exfiltrate cross-origin data via resource timing timing data. The connected advisories (MiracleLinux/Alibaba/Tencent/Ten able) rei...

6.5CVSS7.1AI score0.00312EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTECadded 2021/01/13 12:0 a.m.1 views

The vulnerability in the Resource Timing API interface of Firefox browsers, Firefox ESR, and the Thunderbird email client allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Resource Timing API interface in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to improper neutralization of alternative syntax in XSS attacks. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthoriz...

7.1CVSS7.1AI score0.00862EPSS
Exploits0References19Affected Software10
Tenable Nessus
Tenable Nessusadded 2019/08/12 12:0 a.m.32 views

NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting a...

10CVSS7.7AI score0.28905EPSS
Exploits1References5
Veracode
Veracodeadded 2019/05/02 6:37 a.m.24 views

Information Disclosure

Firefox is vulnerable to information disclosure attacks. A remote user could trigger a same-origin policy bypass in the Resource Timing API to view potentially sensitive URLs on the target user's system...

6.5CVSS7.4AI score0.00862EPSS
Exploits0References15Affected Software2
Veracode
Veracodeadded 2019/01/15 9:13 a.m.24 views

Information Disclosure

firefox is vulnerable to information disclosure attacks. The vulnerability exists as Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

4.3CVSS6.3AI score0.00527EPSS
Exploits0References3Affected Software1
CNVD
CNVDadded 2018/08/30 12:0 a.m.3 views

Google Chrome Information Disclosure Vulnerability (CNVD-2018-20146)

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the Resource Timing API in Google Chrome versions prior to 63.0.3239.84, which stems from insufficient policy enforcement. The vulnerability can be exploited by a remote attacker to...

6.5CVSS7AI score0.0071EPSS
Exploits0References1
NVD
NVDadded 2018/08/28 7:29 p.m.14 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5CVSS6.6AI score0.0071EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2018/08/28 7:29 p.m.30 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5CVSS7AI score0.0071EPSS
Exploits0References1
OSV
OSVadded 2018/08/28 7:29 p.m.0 views

UBUNTU-CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5CVSS7.3AI score0.0071EPSS
Exploits0References2
Prion
Prionadded 2018/08/28 7:29 p.m.16 views

Design/Logic Flaw

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

4.3CVSS6.3AI score0.0071EPSS
Exploits0References5Affected Software5
Debian CVE
Debian CVEadded 2018/08/28 7:0 p.m.25 views

CVE-2017-15419

Removed by vendor...

6.5CVSS8.1AI score0.0071EPSS
Exploits0
CVE
CVEadded 2018/08/28 7:0 p.m.99 views

CVE-2017-15419

CVE-2017-15419 describes an information-disclosure vulnerability in Google Chrome’s Resource Timing API before 63.0.3239.84. The root cause is insufficient policy enforcement, allowing a remote attacker to leak cross-origin URLs via a crafted HTML page and infer browsing history. Affected product...

6.5CVSS6.3AI score0.0071EPSS
Exploits0References5Affected Software3
Cvelist
Cvelistadded 2018/08/28 7:0 p.m.21 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5AI score0.0071EPSS
Exploits0References5
NVD
NVDadded 2018/06/11 9:29 p.m.16 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

6.5CVSS7.1AI score0.00862EPSS
Exploits0References13
OSV
OSVadded 2018/06/11 9:29 p.m.6 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

6.5CVSS7.7AI score
Exploits0References13
CVE
CVEadded 2018/06/11 9:0 p.m.146 views

CVE-2017-7830

CVE-2017-7830 involves a cross-origin information disclosure through the Resource Timing API that could reveal navigations loaded in iframes, constituting a same-origin policy violation. Public documentation in Debian and CVE databases tie this to WebKit-related handling in Safari/WebKit componen...

6.5CVSS7.1AI score0.00862EPSS
Exploits0References13Affected Software1
Debian CVE
Debian CVEadded 2018/06/11 9:0 p.m.32 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

6.5CVSS8.4AI score0.00862EPSS
Exploits0
Cvelist
Cvelistadded 2018/06/11 9:0 p.m.21 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

7.3AI score0.00862EPSS
Exploits0References13
Rows per page
Query Builder