Lucene search
K

7 matches found

Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Important: firefox

Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 A vulnerability was found in expat. With this flaw, it is possible to create a...

8.8CVSS10AI score0.01659EPSS
Exploits0
OSV
OSV
added 2022/09/28 12:0 a.m.6 views

UBUNTU-CVE-2022-40956

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.1CVSS6.8AI score0.00877EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/09/26 3:57 p.m.11 views

Mozilla: Content-Security-Policy base-uri bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

6.1CVSS7.3AI score0.00877EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 3:37 p.m.5 views

Mozilla: Content-Security-Policy base-uri bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

6.1CVSS7.3AI score0.00877EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 2:54 p.m.5 views

Mozilla: Content-Security-Policy base-uri bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

6.1CVSS7.3AI score0.00877EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 2:16 p.m.15 views

Mozilla: Content-Security-Policy base-uri bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

6.1CVSS7.3AI score0.00877EPSS
Exploits0References5
OSV
OSV
added 2022/09/21 6:15 p.m.7 views

MGASA-2022-0344 Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS8.1AI score0.01342EPSS
Exploits0References6
Rows per page
Query Builder