17 matches found
EUVD-2018-2178
Malware in sbrugna...
EUVD-2018-11032
Malware in sbrugna...
CVE-2018-19335
Google Monorail before 2018-06-07 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with a crafted groupby value can be used to obtain sensitive information about the content of bug reports...
CVE-2018-19334
Google Monorail before 2018-05-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with an unsupported axis can be used to obtain sensitive information about the content of bug reports...
CVE-2018-10099
Google Monorail before 2018-04-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with duplicated columns can be used to obtain sensitive information about the content of bug reports...
CVE-2018-10099
Google Monorail before 2018-04-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with duplicated columns can be used to obtain sensitive information about the content of bug reports...
Cross site scripting
Google Monorail before 2018-05-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with an unsupported axis can be used to obtain sensitive information about the content of bug reports...
Cross site scripting
Google Monorail before 2018-06-07 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with a crafted groupby value can be used to obtain sensitive information about the content of bug reports...
Cross site scripting
Google Monorail before 2018-04-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with duplicated columns can be used to obtain sensitive information about the content of bug reports...
CVE-2018-19334
Google Monorail before 2018-05-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with an unsupported axis can be used to obtain sensitive information about the content of bug reports...
CVE-2018-19335
Google Monorail before 2018-06-07 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with a crafted groupby value can be used to obtain sensitive information about the content of bug reports...
CVE-2018-10099
Google Monorail before 2018-04-04 has a Cross-Site Search XS-Search vulnerability because CSV downloads are affected by CSRF, and calculations of download times for requests with duplicated columns can be used to obtain sensitive information about the content of bug reports...
CVE-2018-19334
CVE-2018-19334 affects Google Monorail prior to 2018-05-04, exposing Cross-Site Search (XS-Search) via CSV downloads that are CSRF-protected inappropriately. The root cause is CSRF-assisted CSV download handling and calculations of download times for requests with an unsupported axis, which can r...
CVE-2018-19335
Google Monorail before 2018-06-07 is affected by a Cross-Site Search (XS-Search) vulnerability where CSV downloads are CSRF‑prone. The issue arises from CSRF in CSV download requests, allowing an attacker to exploit crafted groupby values to infer sensitive information contained in bug reports. T...
Google Monorail Cross-Site Search Vulnerability
Google Monorail is an issue tracker from Google USA. A security vulnerability exists in versions of Google Monorail prior to 2018-06-07. An attacker can exploit the vulnerability by sending a request with a specially crafted 'groupby' parameter value to obtain sensitive information about bug...
Google Monorail Cross-Site Search Vulnerability (CNVD-2018-23927)
Google Monorail is an issue tracker from Google USA. A security vulnerability exists in versions of Google Monorail prior to 2018-04-04. An attacker can exploit the vulnerability to obtain sensitive information about bug reports...
Google Monorail Cross-Site Search Vulnerability (CNVD-2018-23926)
Google Monorail is an issue tracker from Google USA. A security vulnerability exists in versions of Google Monorail prior to 2018-05-04. An attacker can exploit the vulnerability to obtain sensitive information about bug reports...