Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.2 views

SUSE CVE-2015-6785

The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a .x.y pattern, which might allow remote attackers to bypass intended access restrictions...

4.3CVSS9AI score0.01721EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2015/12/10 12:0 a.m.51 views

Mageia: Security Advisory (MGASA-2015-0467)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.08115EPSS
Exploits6References4
CVE
CVE
added 2015/12/06 1:0 a.m.83 views

CVE-2015-6785

CVE-2015-6785 is a Google Chrome/Chromium CSP issue affecting CSPSource::hostMatches; it allows a wildcard "*.x.y" to match "x.y" hostnames, bypassing subdomain-specific CSP rules. The vulnerability stems from wildcard matching in WebKit’s CSP implementation and could enable unintended access res...

4.3CVSS8.9AI score0.01721EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/12/04 12:0 a.m.43 views

RHEL 6 : chromium-browser (RHSA-2015:2545)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2545 advisory. Chromium is an open-source web browser, powered by WebKit Blink. Several flaws were found in the processing of malformed web content. A web...

10CVSS8AI score0.08115EPSS
Exploits6References53
Rows per page
Query Builder