281 matches found
FreeBSD : chromium -- multiple vulnerabilities (3551e106-1b17-11ec-a8a7-704d7b472482)
Chrome Releases reports : This update contains 19 security fixes, including : - 1243117 High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24 - 1242269 High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23 -...
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...
Chromium: CVE-2021-37968 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-37967 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-37965 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
KLA12299 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A use after free vulnerability in Tab...
Google Chrome Background Fetch API security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Background Fetch API security bypass vulnerability (CNVD-2021-73419)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome 访问控制错误漏洞
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2019:14124-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14124-1 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable...
Information Disclosure
webkitgtk4 is vulnerable to information disclosure. The vulnerability exists through a cross-origin issue with the fetch API...
U.S. Dept Of Defense: SSRF in login page using fetch API exposes victims IP address to attacker controled server
Note: This is similar to my last report 991163. Summary: Server Side Request Forgery Exposes Victims Ip Address to External Server and which made attacker possible to determine physical location of Victim with IP Tracing. Description: Server Side Request Forgery is the critical vulnerability...
Information Disclosure
chromium-browser is vulnerable to information disclosure. The vulnerability exists in the fetch API of the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
CVE-2019-9819
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Keybase: SOP bypass using browser cache
Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker's website. Information disclosed:...
CVE-2019-8515
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...
CVE-2019-8515
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...
UBUNTU-CVE-2019-8515
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...
CVE-2019-8515
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...