Lucene search
K

67 matches found

RedHat Linux
RedHat Linux
added 2023/01/25 3:30 p.m.7 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:29 p.m.4 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:27 p.m.4 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:20 p.m.4 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 10:5 a.m.5 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 10:3 a.m.3 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 10:3 a.m.4 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 9:30 a.m.6 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 9:26 a.m.3 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 9:23 a.m.4 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 9:22 a.m.5 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 9:21 a.m.5 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
OSV
OSV
added 2023/01/23 6:29 a.m.11 views

USN-5816-1 firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. CVE-2023-23597 Tom...

8.8CVSS7.1AI score0.00702EPSS
Exploits0References10
OSV
OSV
added 2023/01/18 12:0 a.m.2 views

UBUNTU-CVE-2023-23603

Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
OSV
OSV
added 2022/03/17 12:0 a.m.5 views

GHSA-FH5V-5F35-2RV2 Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS7AI score0.003EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2022/03/16 2:12 p.m.42 views

CVE-2021-20180

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS7AI score0.003EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/11/04 6:0 p.m.20 views

Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3

In our first post in this series, we covered the setup of Rapid7's hands-on exercise at Defcon 29's IoT Village. Last week, we discussed how to determine the UART status of the header we created and how to actually start hacking on the IoT device. The goal in this next phase of the IoT hacking...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/06/01 9:53 p.m.65 views

Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS2.2AI score0.00337EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2021/06/01 9:38 p.m.29 views

GHSA-8F4M-HCCC-8QPH Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5CVSS6AI score0.00347EPSS
Exploits0References11
OSV
OSV
added 2021/05/26 9:15 p.m.28 views

CVE-2021-20191

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5CVSS5.2AI score
Exploits0References2
Rows per page
Query Builder