9174 matches found
CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists...
CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists...
Corsy - CORS Misconfiguration Scanner
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Usage Using Corsy is pretty simple python corsy.py -u https://example.com A delay between consecutive requests can be specified with -d option. Note: This is a beta version, features such as JSON...
Fedora Update for mingw-libidn2 FEDORA-2019-20e9736c97
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-5857
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...
CVE-2019-13708
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2019-13701
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2019-13684
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2019-13701
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Design/Logic Flaw
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Design/Logic Flaw
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2019-5852
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2019-5852
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2019-13684
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2019-13684
CVE-2019-13684: Chrome prior to 72.0.3626.81 has an inappropriate JavaScript implementation that allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (desktop/mobile), version not explicitly stated beyond the pre-72.0.3626.81 range in the pro...
CVE-2019-18675
The Linux kernel through 5.3.13 has a startoffset+size Integer Overflow in cpia2remapbuffer in drivers/media/usb/cpia2/cpia2core.c because cpia2 has its own mmap implementation. This allows local users with /dev/video0 access to obtain read and write permissions on kernel physical pages, which ca...
Internet Bug Bounty: Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
Full background information is at our website and detailed information can be found in our research paper. Vulnerability Summary First Disclosure Summarized, the Dragonfly handshake of WPA3 and EAP-pwd is supposed to prevent dictionary attacks. However, we discovered design flaws that still enabl...
Kernel update: Virtuozzo ReadyKernel patch 92.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0
The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to the kernels 3.10.0-693.21.1.vz7.48.2 Virtuozzo 7.0.7 HF3, 3.10.0-862.9.1.vz7.63.3 Virtuozzo 7.0.8, 3.10.0-862.11.6.vz7.64.7 Virtuozzo 7.0.8 HF1, 3.10.0-862.20.2.vz7.73.24 Virtuozzo 7.0.9 and Virtuozz...
Moneybird: Pending MFA logins aren't immediatly expired after a password change
Researcher found an issue with sessions not all being terminated when password is changed. The 2FA implementation was at fault in this scenario as the session was found to be active even after the password was changed and two-step verification was turned off...
openssl security update
1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...