4364 matches found

OSV
added 2019/01/09 7:29 p.m. | 3 views

UBUNTU-CVE-2018-6091

Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.02139
Exploits: 0 | References: 3
Cvelist
added 2019/01/09 7:0 p.m. | 31 views

CVE-2018-6091

Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

AI score 6.4 | EPSS 0.02139
Exploits: 0 | References: 6
CVE
added 2019/01/09 7:0 p.m. | 133 views

CVE-2018-6091

CVE-2018-6091 corresponds to a Chrome/Chromium vulnerability where Service Workers incorrectly handle plugins. The connected documentation links this CVE to the Chrome/Chromium 66.0.3359.117 line, with advisories noting affected releases and urging upgrades. Affected product: Google Chrome (Chrom...

CVSS 6.5 | AI score 6.3 | EPSS 0.02139
Exploits: 0 | References: 6 | Affected Software: 1
Debian CVE
added 2019/01/09 7:0 p.m. | 25 views

CVE-2018-6091

Removed by vendor...

CVSS 6.5 | AI score 8 | EPSS 0.02139
Exploits: 0
RedHat Linux
added 2018/12/04 4:0 p.m. | 3 views

kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

CVSS 5.5 | AI score 5.8 | EPSS 0.04801
Exploits: 0 | References: 5
RedHat Linux
added 2018/10/30 8:33 a.m. | 2 views

zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file

An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...

CVSS 6.5 | AI score 5.7 | EPSS 0.0175
Exploits: 1 | References: 4
OPENSUSE Linux
added 2018/10/24 3:12 p.m. | 283 views

Security update for pam_pkcs11 (moderate)

This update for pam_pkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token bsc1105012 - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes bsc1105012 - Memory not cleaned...

AI score 1
Exploits: 0 | References: 1
BDU FSTEC
added 2018/09/28 12:0 a.m. | 5 views

The vulnerability of the Fetch API interface of Microsoft Edge browser allows a perpetrator to disclose protected information.

The vulnerability of the Fetch API interface of Microsoft Edge is related to errors in processing filtered responses. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVSS 4.3 | AI score 7.7 | EPSS 0.05046
Exploits: 0 | References: 4
NVD
added 2018/09/18 6:29 p.m. | 17 views

CVE-2018-11278

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault...

CVSS 7.1 | AI score 6.8 | EPSS 0.00172
Exploits: 0 | References: 2
vulnersOsv
added 2018/09/18 1:47 p.m. | 6 views

cyclejs-group (>=0.3.0 <=1.0.0), fetch-rancher-metadata (>=1.0.9 <=1.0.10) +1 more potentially affected by CVE-2018-3753 via merge-object (=1.0.0)

merge-object NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on merge-object and may be impacted: - cyclejs-group =0.3.0, =1.0.9, =1.0.0, =1.0.4 Source cves: CVE-2018-3753 Source advisory: OSV:GHSA-FP82-2H99-3FPP...

CVSS 9.8 | AI score 7.3 | EPSS 0.01428
Exploits: 1
Prion
added 2018/09/13 12:29 a.m. | 16 views

Information disclosure

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge...

CVSS 2.6 | AI score 3.6 | EPSS 0.05046
Exploits: 0 | References: 3
CVE
added 2018/09/13 12:0 a.m. | 63 views

CVE-2018-8366

CVE-2018-8366 is an information disclosure vulnerability in Microsoft Edge tied to the Fetch API mis-handling a filtered response type. Root cause: Edge Fetch API incorrectly handles certain filtered response types, enabling an attacker to read the URL of a cross-origin request. Affected product/...

CVSS 3.1 | AI score 4.7 | EPSS 0.05046
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2018/09/12 12:0 a.m. | 1 views

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-21205)

Edge is the default browser that comes with Microsoft's operating systems. Microsoft Edge suffers from an information disclosure vulnerability that stems from the Edge Fetch API failing to have proper handling of filtered response types. An attacker could exploit the vulnerability to read the URL...

CVSS 3.1 | AI score 3.8 | EPSS 0.05046
Exploits: 0 | References: 1
Microsoft CVE
added 2018/09/11 7:0 a.m. | 22 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that do not securely populate the URL with confidential information could...

CVSS 4.3 | AI score 0.7 | EPSS 0.05046
Exploits: 0
OSV
added 2018/09/05 9:29 p.m. | 4 views

CVE-2018-16307

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name containing a random string is used...

CVSS 7.5 | AI score 5.9 | EPSS 0.01967
Exploits: 3 | References: 1
CNVD
added 2018/09/04 12:0 a.m. | 2 views

Xiaomi MIWiFi Xiaomi_55DD Resource Loading Vulnerability

Xiaomi MIWiFi Xiaomi_55DD is a wireless router from the Chinese company Xiaomi. A security vulnerability exists in Xiaomi MIWiFi Xiaomi_55DD version 2.8.50. An attacker can exploit this vulnerability to cause the application to retrieve the contents of arbitrary external URLs and return those...

CVSS 7.5 | AI score 6.9 | EPSS 0.01967
Exploits: 3 | References: 1
Prion
added 2018/09/03 12:29 a.m. | 20 views

Code injection

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...

CVSS 4.3 | AI score 5.2 | EPSS 0.01618
Exploits: 1 | References: 1 | Affected Software: 1
UbuntuCve
added 2018/09/03 12:29 a.m. | 20 views

CVE-2018-16369

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...

CVSS 5.5 | AI score 6.8 | EPSS 0.01618
Exploits: 1 | References: 2
OSV
added 2018/09/03 12:29 a.m. | 1 views

DEBIAN-CVE-2018-16369

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453...

CVSS 5.5 | AI score 6.3 | EPSS 0.01618
Exploits: 1 | References: 1
CNVD
added 2018/09/03 12:0 a.m. | 2 views

Xpdf Denial of Service Vulnerability (CNVD-2019-17490)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A denial of service vulnerability exists in XRef::fetch in Xpdf 4.00 in XRef.cc. A remote attacker can exploit this vulnerability to cause a denial of service (stack consumption) via a...

CVSS 5.5 | AI score 6 | EPSS 0.01618
Exploits: 1 | References: 1