25 matches found
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...
CVE-2010-1852
Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site...
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...
CVE-2024-4059
CVE-2024-4059 describes an out-of-bounds read in the V8 API used by Google Chrome/Chromium prior to 124.0.6367.78. The vulnerability enables a remote attacker to leak cross-site data via a crafted HTML page. Affected component is the Chromium-derived web browser stack (V8 API). The documented imp...
Out Of Bounds Read
Chrome is vulnerable to Out Of Bounds Read. The vulnerability due to improper handling of out-of-bounds reads, allows a remote attacker to leak cross-site data via a crafted HTML page...
Debian dsa-5675 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5675 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5675-1...
SUSE CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation JSON formatted results...
Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
After enabling 'Site Isolation' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional...
Apple iOS WebKit Information Disclosure Vulnerability (CNVD-2016-03339)
Apple iOS is the United States Apple Apple company for mobile devices developed by a set of operating systems. WebKit is KDE, Apple Apple, Google Google and other companies jointly developed a set of open source Web browser engine, currently used by Apple Safari and Google Chrome and other...
Apple iOS Webkit 'canvas' element image processing information disclosure vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability in Apple iOS Webkit's handling of 'canvas' element images allows attackers to construct malicious WEB pages that can be parsed by tricking users into parsing them, which can acces...
Flash content-type sniffing allows Cross Site Data Hijacking
As documented at http://blog.detectify.com/post/86298380233/the-pitfalls-of-allowing-file-uploads-on-your-website it is possible to upload a flash file to confluence with a different content-type than for flash and when embedded on an attacker's domain will be able to make requests to the...
Flash content-type sniffing allows Cross Site Data Hijacking
As documented at http://blog.detectify.com/post/86298380233/the-pitfalls-of-allowing-file-uploads-on-your-website it is possible to upload a flash file to confluence with a different content-type than for flash and when embedded on an attacker's domain will be able to make requests to the...
Google Chrome Cross Site Data Leakage Vulnerability (Windows)
This host is installed with Google Chrome Web Browser and is prone to cross site data leakage vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromecrosssitedataleakagevuln.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome Cross Site Data Leakage Vulnerability Windows Authors: Antu...
Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
This host is installed with Microsoft Internet Explorer web browser and is prone to cross site data leakage vulnerability. OpenVAS Vulnerability Test $Id: gbmsiecrosssitedataleakagevuln.nasl 5323 2017-02-17 08:49:23Z teissa $ Microsoft Internet Explorer Cross Site Data Leakage Vulnerability...
Google Chrome Cross Site Data Leakage Vulnerability - Windows
Google Chrome Web Browser is prone to cross site data leakage vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-1851
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage"...