17 matches found
[SECURITY] Fedora 44 Update: kf6-krunner-6.25.0-1.fc44
KRunner provides a parallelized query system extendable via plugins...
Linux Distros Unpatched Vulnerability : CVE-2020-11020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The...
SUSE CVE-2012-2877
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service application crash via unspecified vectors...
CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
Authentication flaw
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
GHSA-QPG4-4W7W-2MQ5 Authentication and extension bypass in Faye
On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye1's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...
CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
CVE-2020-11020 Authentication and extension bypass in Faye
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
Authentication and extension bypass in Faye
On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye1's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...
gnome-shell Arbitrary Code Execution Vulnerability
gnome-shell is a window manager for the GNOME desktop environment developed by the GNOME project. A security vulnerability exists in the js/ui/extensionSystem.js file in gnome-shell versions 3.22 through 3.24.1, due to the program failing to properly handle exceptions. An attacker can exploit the...
CVE-2016-5173
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
CVE-2012-2877
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service application crash via unspecified vectors...
CVE-2012-2877
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service application crash via unspecified vectors...
CVE-2012-2877
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service application crash via unspecified vectors...
CVE-2012-2877
Removed by vendor...
CVE-2012-2877
CVE-2012-2877 affects Chromium-based browsers (Chrome/Chromium) with an extension-dialog handling issue that could crash the application. Related advisories show affected versions around Chromium 22.0.1229.x and indicate remediation by upgrading to at least 22.0.1229.94 (or newer 24.x releases in...