
50 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-8469

Malware in sbrugna...

CVSS 4.3, AI score 7.4, EPSS 0.00209
Exploits 0, References 7

SUSE CVE
added 2023/02/15 5:20 a.m., 1 view

SUSE CVE-2015-2731

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers remova...

CVSS 10, AI score 9.1, EPSS 0.00945
Exploits 0, References 6

SUSE CVE
added 2023/02/15 4:3 a.m., 1 view

SUSE CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 8.1, AI score 6.3, EPSS 0.00055
Exploits 0, References 7

Prion
added 2022/08/22 3:15 p.m., 13 views

Code injection

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...

CVSS 5.8, AI score 5.5, EPSS 0.00198
Exploits 1, References 1, Affected Software 1

CVE
added 2022/08/22 3:5 p.m., 55 views

CVE-2022-2600

The CVE-2022-2600 entry concerns the WordPress plugin Auto-hyperlink URLs (versions through 5.4.1). The underlying issue is that generated links do not include rel="noopener noreferer", enabling Tab Nabbing and potentially exposing the source tab via window.opener. The vulnerability impact, as do...

CVSS 5.4, AI score 5.4, EPSS 0.00198
Exploits 1, References 1, Affected Software 1

Tenable Nessus
added 2020/11/30 12:0 a.m., 158 views

CentOS 7 : webkitgtk4 (RHSA-2020:4035)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH,...

CVSS 9.8, AI score 7.7, EPSS 0.45572
Exploits 21, References 105

Tenable Nessus
added 2020/11/12 12:0 a.m., 135 views

Oracle Linux 8 : GNOME (ELSA-2020-4451)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4451 advisory. - Backport fix for CVE-2020-15503 from Fedora Resolves: 1853529 libsoup Tenable has extracted the preceding description block directly from the Oracle...

CVSS 9.8, AI score 7.2, EPSS 0.82826
Exploits 9, References 54

RedHat Linux
added 2020/11/04 1:21 a.m., 3 views

webkitgtk: Non-unique security origin for DOM object contexts

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.8, AI score 6.7, EPSS 0.00055
Exploits 0, References 5

NVD
added 2020/10/27 9:15 p.m., 15 views

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.8, AI score 7.4, EPSS 0.00055
Exploits 0, References 6

OSV
added 2020/10/27 9:15 p.m., 1 view

DEBIAN-CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.8, AI score 6.3, EPSS 0.00055
Exploits 0, References 1

Prion
added 2020/10/27 9:15 p.m., 20 views

Design/Logic Flaw

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.2, AI score 7.2, EPSS 0.00055
Exploits 0, References 6, Affected Software 9

Debian CVE
added 2020/10/27 8:10 p.m., 32 views

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.8, AI score 6.3, EPSS 0.00055
Exploits 0

CVE
added 2020/10/27 8:10 p.m., 258 views

CVE-2020-3864

CVE-2020-3864 is a logic issue where a DOM object context may not have had a unique security origin. It is fixed in Apple/software updates across multiple platforms: iCloud for Windows 7.17, iTunes for Windows 12.10.4, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 1...

CVSS 7.8, AI score 7.3, EPSS 0.00055
Exploits 0, References 6, Affected Software 6

OSV
added 2020/04/29 5:53 a.m., 8 views

SUSE-SU-2020:1135-1 Security update for webkit2gtk3

This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...

CVSS 9.8, AI score 7.9, EPSS 0.06533
Exploits 2, References 38

Tenable Nessus
added 2020/02/18 12:0 a.m., 63 views

Debian DSA-4627-1 : webkit2gtk - security update

The following vulnerabilities have been discovered in the webkit2gtk web engine : - CVE-2020-3862 Srikanth Gatta discovered that a malicious website may be able to cause a denial of service. - CVE-2020-3864 Ryan Pickren discovered that a DOM object context may not have had a unique security origi...

CVSS 9.3, AI score 7, EPSS 0.00472
Exploits 0, References 13

UbuntuCve
added 2020/02/14 12:0 a.m., 33 views

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.8, AI score 7, EPSS 0.00055
Exploits 0, References 3

OSV
added 2020/02/14 12:0 a.m., 0 views

UBUNTU-CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

CVSS 7.8, AI score 6.8, EPSS 0.00055
Exploits 0, References 4

Apple
added 2020/01/28 12:0 a.m., 147 views

About the security content of Safari 13.0.5

About the security content of Safari 13.0.5 This document describes the security content of Safari 13.0.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 9.3, AI score 8.7, EPSS 0.00588
Exploits 0, References 1, Affected Software 1

Kaspersky
added 2020/01/28 12:0 a.m., 43 views

KLA11650 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Multiple memory corruption...

CVSS 9.3, AI score 9.4, EPSS 0.00773
Exploits 0, References 4

Veracode
added 2019/05/14 4:54 a.m., 13 views

Cross-site Scripting (XSS)

simditor is vulnerable to cross-site scripting (XSS). The attack can be triggered because it does not sanitize the DOM object properly, allowing an attacker to inject arbitrary JavaScript within a malicious SVG element into a victim's browser via the onload parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00291
Exploits 1, References 4, Affected Software 1