Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-29481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when...

8.8CVSS7.8AI score0.00347EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.4 views

Shopizer 安全漏洞

Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security vulnerability exists in Shopizer version 3.2.7, which stems from a CORS implementation that does not validate the Origin header, which could result in a cross-domain read of a sensitive response...

8.1CVSS6.6AI score0.00202EPSS
Exploits1References3
CNVD
CNVD
added 2020/09/22 12:0 a.m.2 views

Gradle Enterprise Export API Authentication Vulnerability

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A security vulnerability exists in Gradle Enterprise prior to version 2020.2.4. The vulnerability stemmed from an unrestricted cross-domain request for read-only data in the Export API. An attacker...

6.5CVSS6.7AI score0.00422EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/03/08 3:53 p.m.5 views

Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...

6.5CVSS7.2AI score0.02806EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/06/25 8:10 p.m.7 views

Mozilla: SVG filters can lead to information disclosure (MFSA 2013-55)

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by...

4.3CVSS7.4AI score0.03745EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2008/12/17 1:20 a.m.5 views

Firefox 2 Information stealing via loadBindingDocument

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...

2.6CVSS7.4AI score0.01521EPSS
Exploits0References4
Rows per page
Query Builder