3841 matches found

RedHat Linux
added 2022/09/26 3:41 p.m., 3 views

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...

CVSS 6.5, AI score 7.3, EPSS 0.00134
Exploits 0, References 5

IBM Security Bulletins
added 2022/09/26 5:45 a.m., 30 views

Security Bulletin: IBM Business Process Manager (BPM) Vulnerable URLs (CVE-2013-0581)

Abstract When a dashboard is opened or a service is executed, a malicious attacker can intercept network requests from the client. Then, the attacker can modify the URL parameters of the request so that malicious code can be executed within the client browser. Content VULNERABILITY DETAILS:...

CVSS 3.5, AI score 6.4, EPSS 0.00188
Exploits 0, Affected Software 3

CVE
added 2022/09/26 12:0 a.m., 150 views

CVE-2022-3199

CVE-2022-3199 concerns a Use-after-Free in Chrome/Chromium frames. The issue arises in Chrome prior to 105.0.5195.125, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page (high impact). Affected software is Chromium/Chrome's rendering frames subsystem; root c...

CVSS 8.8, AI score 8.8, EPSS 0.008
Exploits 0, References 5, Affected Software 1

AlpineLinux
added 2022/09/26 12:0 a.m., 49 views

CVE-2022-3199

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 9, EPSS 0.008
Exploits 0

RedhatCVE
added 2022/09/21 10:49 a.m., 56 views

CVE-2022-32891

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

CVSS 6.1, AI score 1, EPSS 0.00378
Exploits 0, References 4

CNVD
added 2022/09/18 12:0 a.m., 36 views

Google Chrome Resource Management Error Vulnerability (CNVD-2022-81243)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a Resource Management Error vulnerability that originates from a confusion in the instructions of the program responsible for freeing memory in Frames. An attacker could exploit this vulnerability to cause...

CVSS 8.8, AI score 8.4, EPSS 0.008
Exploits 0, References 1

OPENSUSE Linux
added 2022/09/17 12:0 a.m., 36 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10123-1 Rating: important References: 1203419 Cross-References: CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 Affected Products: openSUSE Backports SLE-15-S...

CVSS 8.8, AI score 9, EPSS 0.00962
Exploits 0, References 1

ATTACKERKB
added 2022/09/16 6:15 a.m., 2 views

CVE-2022-25690

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVSS 7.5, AI score 7.1, EPSS 0.00297
Exploits 0, References 2

NVD
added 2022/09/16 6:15 a.m., 13 views

CVE-2022-25690

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVSS 7.5, EPSS 0.00297
Exploits 0, References 1

ATTACKERKB
added 2022/09/16 6:15 a.m., 0 views

CVE-2022-25670

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 7.5, AI score 7.3, EPSS 0.00386
Exploits 0, References 2

Prion
added 2022/09/16 6:15 a.m., 14 views

Information disclosure

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVSS 5, AI score 7.5, EPSS 0.00297
Exploits 0, References 1

Tenable Nessus
added 2022/09/16 12:0 a.m., 98 views

Microsoft Edge (Chromium) < 105.0.1343.42 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory. - Out of bounds write in Storage. CVE-2022-3195 - Use after free in PDF. CVE-2022-3196,...

CVSS 8.8, AI score 8.6, EPSS 0.00962
Exploits 0, References 13

Microsoft CVE
added 2022/09/15 8:9 p.m., 63 views

Chromium: CVE-2022-3199 Use after free in Frames

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 8.5, EPSS 0.008
Exploits 0

Kaspersky
added 2022/09/15 12:0 a.m., 36 views

KLA19254 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in PDF can be exploited to cause denial of service or execut...

CVSS 8.8, AI score 10, EPSS 0.00962
Exploits 0, References 9

Tenable Nessus
added 2022/09/14 12:0 a.m., 42 views

FreeBSD : chromium -- multiple vulnerabilities (b59847e0-346d-11ed-8fe9-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b59847e0-346d-11ed-8fe9-3065ec8fd3ec advisory. - Out of bounds write in Storage. CVE-2022-3195 - Use after free in PDF. CVE-2022-3196,...

CVSS 8.8, AI score 7.6, EPSS 0.00962
Exploits 0, References 9

FreeBSD
added 2022/09/14 12:0 a.m., 73 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 11 security fixes, including: 1358381 High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang @eternalsakura13 of 360 Vulnerability Research Institute on 2022-08-31 1358090 High CVE-2022-3196: Use after free in PDF...

CVSS 8.8, AI score 0.2, EPSS 0.00962
Exploits 0, References 1

Kaspersky
added 2022/09/14 12:0 a.m., 473 views

KLA19253 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in PDF can be exploited to cause...

CVSS 8.8, AI score 9.3, EPSS 0.03008
Exploits 1, References 4

CNNVD
added 2022/09/08 12:0 a.m., 10 views

Rdiffweb Security Vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.4.1, which stems from improper restriction of rendered UI layers or fram...

CVSS 10, AI score 8.2, EPSS 0.00395
Exploits 1, References 3

OSV
added 2022/09/01 11:4 a.m., 1 views

OESA-2022-1874 gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provides a complete set of widgets, and is suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: GNOME GdkPixbuf aka GDK-PixBuf before 2.42.8 allows a...

CVSS 7.8, AI score 7.5, EPSS 0.00415
Exploits 1, References 2

CVE
added 2022/08/23 3:40 p.m., 58 views

CVE-2022-2965

CVE-2022-2965 affects notrinos/notrinoserp (a PHP/MySQL web ERP) prior to version 0.7. The root cause is improper restriction of rendered UI layers/frames (missing X-Frame-Options), enabling clickjacking that could lead to actions such as deleting a user account from the admin context. Public sou...

CVSS 6.4, AI score 4.8, EPSS 0.00331
Exploits 1, References 2, Affected Software 1