Lucene search
K

75 matches found

Debian CVE
Debian CVE
added 2015/09/03 10:0 p.m.35 views

CVE-2015-1291

Removed by vendor...

6.4CVSS9.3AI score0.01714EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/09/02 12:0 a.m.22 views

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

6.4CVSS7.2AI score0.01714EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2015/02/10 12:0 a.m.33 views

Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

5.1CVSS6.5AI score0.16009EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2015/02/10 12:0 a.m.37 views

Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

5.1CVSS6.5AI score0.16009EPSS
Exploits0References1
Prion
Prion
added 2015/02/07 7:59 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

4.3CVSS5.4AI score0.71698EPSS
Exploits5References12Affected Software1
NVD
NVD
added 2015/02/03 10:59 p.m.23 views

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System UCS on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web...

4.3CVSS6.4AI score0.01476EPSS
Exploits0References5
Prion
Prion
added 2014/10/15 10:55 a.m.17 views

Information disclosure

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive informati...

5CVSS6.3AI score0.02793EPSS
Exploits0References23Affected Software3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...

7.1AI score
Exploits0
NVD
NVD
added 2013/06/26 3:19 a.m.11 views

CVE-2013-1698

The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...

4.3CVSS6.1AI score0.01486EPSS
Exploits0References5
Prion
Prion
added 2013/06/26 3:19 a.m.15 views

Code injection

The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...

4.3CVSS6.6AI score0.01486EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2013/06/26 1:0 a.m.130 views

CVE-2013-1698

CVE-2013-1698 is MFSA 2013-60 describing a getUserMedia permission dialog issue in Mozilla Firefox prior to 22.0, where the dialog displays the top-level page URL instead of the specific page URL, enabling a crafted site to trick users into granting camera/microphone access. Affected product: Moz...

4.3CVSS6AI score0.01486EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2013/06/05 2:39 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

4.3CVSS5.6AI score0.01771EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2013/06/05 2:39 p.m.20 views

CVE-2013-1012

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

4.3CVSS6AI score0.01771EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/06/05 10:0 a.m.21 views

CVE-2013-1012

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...

5.2AI score0.01771EPSS
Exploits0References5
NVD
NVD
added 2012/04/05 10:2 p.m.15 views

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements...

6.8CVSS6AI score0.01304EPSS
Exploits1References14
Debian CVE
Debian CVE
added 2012/04/05 8:0 p.m.24 views

CVE-2011-3067

Removed by vendor...

6.8CVSS9.4AI score0.01304EPSS
Exploits1
NVD
NVD
added 2011/07/01 10:55 a.m.16 views

CVE-2011-2617

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...

5CVSS7.2AI score0.02215EPSS
Exploits1References3
Prion
Prion
added 2011/07/01 10:55 a.m.20 views

Design/Logic Flaw

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...

5CVSS6.9AI score0.02215EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/07/01 10:0 a.m.27 views

CVE-2011-2617

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements...

7.1AI score0.02215EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2010/06/22 8:30 p.m.22 views

CVE-2010-1407

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document...

4.3CVSS5.9AI score0.02597EPSS
Exploits0References2
Rows per page
Query Builder