Cross site request forgery (csrf)

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

KLA12106 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A heap buff...

DL1 bug fix and enhancement update

An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...

ALBA-2021:0547 idm:DL1 bug fix and enhancement update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bug Fixes and Enhancements: IPA WebUI inaccessible after upgrading to AlmaLinux 8.3.- idoverride-memberof.js missing...

CVE-2020-29031 Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c...

Sandbox Restrictions Bypass

chromium is vulnerable to sandbox restrictions bypass. Insufficient policy enforcement in WebUI allows an attacker who has tricked a user into installing a malicious extension to perform a sandbox escape via a malicious Chrome Extension...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0048-1 Rating: important References: 1180645 Cross-References: CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0041-1 Rating: important References: 1180645 Cross-References: CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112...

CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

DEBIAN-CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

Authorization

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

CVE-2021-21111

CVE-2021-21111 concerns Chromium/WebUI: insufficient policy enforcement prior to 87.0.4280.141 allows a user who installs a crafted malicious extension to potentially perform a sandbox escape. Affected: Chromium-based Chrome/Chromium up to the 87.0.4280.141 release. Impact: remote code execution ...

CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

Google Chrome 访问控制错误漏洞

Google Chrome is a web browser from Google, an American company. A policy enforcement deficiency vulnerability exists in the WebUI in versions prior to Google Chrome 87.0.4280.141. An attacker can exploit the vulnerability to perform sandbox escaping via a specially crafted Chrome extension...

Google Chrome Insufficient Policy Enforcement Vulnerability (CNVD-2021-04416)

Google Chrome is a web browser from Google, an American company. A policy enforcement deficiency vulnerability exists in the WebUI in versions prior to Google Chrome 87.0.4280.141. An attacker can exploit the vulnerability to perform sandbox escaping via a specially crafted Chrome extension...

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient data validation in webUI that allows a local attacker to bypass content security policy via a crafted HTML page...

Cross-Site Scripting (XSS)

chromium is vulnerable to cross-site scripting. Insufficient data validation in WebUI allows a remote attacker, who has compromised the renderer process, to inject scripts or HTML into a privileged page via a malicious HTML page...

CVE-2020-29539

A Cross-Site Scripting XSS issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site...