4150 matches found
Design/Logic Flaw
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-37968
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-37968
The CVE-2021-37968 entry describes an insecure implementation in the Background Fetch API in Google Chrome, leading to potential cross-origin data leakage via a crafted HTML page. Affected software: Google Chrome (Background Fetch API); root cause: improper handling in the API implementation; imp...
CVE-2021-37968
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-37967
CVE-2021-37967 describes an insecure implementation in the Background Fetch API in Google Chrome/Chromium, where a remote attacker who had already compromised the renderer process could leak cross-origin data via a crafted HTML page. The issue affects Chrome/Chromium prior to version 94.0.4606.54...
CVE-2021-37967
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page...
CVE-2021-37967
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page...
CVE-2021-37965
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-37965
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-37965
CVE-2021-37965 affects Google Chrome/Chromium’s Background Fetch API. The vulnerability stems from an inappropriate implementation, enabling a remote attacker to leak cross-origin data via a crafted HTML page. The NVD records a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, no p...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution RCE. The vulnerability exists due to the inappropriate implementation in background fetch API...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution RCE. The vulnerability exists due to the inappropriate implementation in background fetch API...
Important: sssd
Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...
WhatsUpGold 21.0.3 Cross Site Scripting
Exploit Title: WhatsUpGold 21.0.3 - Stored Cross-Site Scripting XSS Date: 09.17.2021 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.21.0.3, Build 188 Tested on: Windows 2019 Server CVE : CVE-2021-41318 Reference:...
FreeBSD : chromium -- multiple vulnerabilities (3551e106-1b17-11ec-a8a7-704d7b472482)
Chrome Releases reports : This update contains 19 security fixes, including : - 1243117 High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24 - 1242269 High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23 -...
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...
CVE-2021-40099
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution...
Chromium: CVE-2021-37968 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-37967 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-37965 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...