33 matches found
UBUNTU-CVE-2020-16027
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension...
UBUNTU-CVE-2020-15977
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...
chromium-browser: Insufficient data validation in dialogs
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...
chromium-browser: Insufficient policy enforcement in intent handling
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page...
chromium-browser: Inappropriate implementation in developer tools
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page...
DEBIAN-CVE-2020-6489
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page...
UBUNTU-CVE-2020-6489
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page...
PYSEC-2019-44
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...
Red Hat oVirt Information Disclosure Vulnerability
Red Hat oVirt is the United States Red Hat Red Hat company's set of open source virtualization management platform , is the RHEV enterprise virtualization platform of the open source version of the oVirt-node client and overt-engine management end consists of . A security vulnerability exists in...
CVE-2017-10900
PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors...
Fedora 23 : xfsprogs-3.2.4-1.fc23 (2015-12380)
Gabriel Vlasiu reported that xfsmetadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfsmetadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale...
Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64
A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl...
Microsoft SQL Server磁盘数据结构整数溢出漏洞(MS08-040)
BUGTRAQ ID: 30119 CVECAN ID: CVE-2008-0107 Microsoft SQL Server是一款流行的SQL数据库系统。 SQL Server负责解析存储备份数据的代码存在漏洞,该段代码从文件获得了代表记录大小的32位整数值用于计算所要读取到堆缓冲区的字节数。这个计算可能下溢,导致分配不充分的内存,之后的操作会触发溢出。 如果要利用这个漏洞,攻击者必须能够诱骗服务器加载特制的备份文件,可通过提交到远程文件的路径或使用SMB/WebDAV来实现。 Microsoft SQL Server 7.0 SP4 Microsoft SQL Server 2005...