Lucene search
+L

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-17000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the...

6.1CVSS7.6AI score0.00809EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/06/22 2:52 a.m.4 views

SUSE CVE-2019-25136

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox 70...

10CVSS8.2AI score0.00664EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.6 views

SUSE CVE-2019-17001

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting. This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This...

6.1CVSS8.5AI score0.00802EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.5 views

SUSE CVE-2019-17002

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox 70...

4.3CVSS8.4AI score0.00734EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.5 views

SUSE CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

9.8CVSS8.4AI score0.01582EPSS
Exploits0References4
OSV
OSV
added 2020/07/09 3:15 p.m.4 views

UBUNTU-CVE-2020-12412

By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain with the https:// scheme, a blocked port number such as '1', and without a lock icon while controlling the page contents. This vulnerability affects Firefox 70...

4.3CVSS5.8AI score0.00778EPSS
Exploits0References4
OSV
OSV
added 2020/06/19 12:0 a.m.5 views

UBUNTU-CVE-2020-12402

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...

4.4CVSS7.3AI score0.00337EPSS
Exploits0References5
OSV
OSV
added 2020/01/08 10:15 p.m.4 views

CVE-2019-17018

When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox 72...

5.3CVSS6.8AI score0.00872EPSS
Exploits0References2
OSV
OSV
added 2020/01/08 10:15 p.m.4 views

ALPINE-CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

6.5CVSS8.3AI score0.0134EPSS
Exploits0References1
OSV
OSV
added 2020/01/08 10:15 p.m.2 views

CVE-2019-17002

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox 70...

4.3CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2019/10/23 12:0 a.m.5 views

UBUNTU-CVE-2019-11765

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...

6.5CVSS6.8AI score0.00844EPSS
Exploits0References4
OSV
OSV
added 2019/10/23 12:0 a.m.4 views

UBUNTU-CVE-2019-17002

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox 70...

4.3CVSS6.1AI score0.00734EPSS
Exploits1References4
OSV
OSV
added 2019/10/23 12:0 a.m.3 views

UBUNTU-CVE-2019-17000

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...

6.1CVSS6.7AI score0.00809EPSS
Exploits0References4
Rows per page
Query Builder