Lucene search

69 matches found

Debian CVE
added 2019/02/28 6:0 p.m. | 26 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVSS 6.5 | AI score 8.4 | EPSS 0.01549
Exploits 0

Debian CVE
added 2019/02/28 6:0 p.m. | 27 views

CVE-2018-18499

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVSS 6.5 | AI score 7.3 | EPSS 0.0105
Exploits 0

Cvelist
added 2019/02/28 6:0 p.m. | 26 views

CVE-2018-18499

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

AI score 5.7 | EPSS 0.0105
Exploits 0 | References 4

Cvelist
added 2019/02/28 6:0 p.m. | 19 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

AI score 7.2 | EPSS 0.01549
Exploits 0 | References 15

OSV
added 2018/12/26 6:29 p.m. | 21 views

CVE-2018-20483

setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...

CVSS 7.8 | AI score 5.8
Exploits 0 | References 7

UbuntuCve
added 2018/12/26 12:0 a.m. | 31 views

CVE-2018-20483

setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...

CVSS 7.8 | AI score 6.8 | EPSS 0.00659
Exploits 1 | References 4

Tenable Nessus
added 2018/10/25 12:0 a.m. | 57 views

openSUSE Security Update : Chromium (openSUSE-2018-1253)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111 : - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

CVSS 9.6 | AI score 8.2 | EPSS 0.83898
Exploits 7 | References 18

RedHat Linux
added 2018/10/24 10:6 p.m. | 189 views

Important: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 9.6 | AI score 7.4 | EPSS 0.83898
Exploits 8 | References 18

Tenable Nessus
added 2018/10/23 12:0 a.m. | 47 views

openSUSE Security Update : Chromium (openSUSE-2018-1208)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111 : - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

CVSS 9.6 | AI score 8.2 | EPSS 0.83898
Exploits 7 | References 18

OPENSUSE Linux
added 2018/10/22 3:16 p.m. | 127 views

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

AI score 0.5 | EPSS 0.83898
Exploits 7 | References 1

UbuntuCve
added 2018/08/28 7:29 p.m. | 31 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.01287
Exploits 0 | References 1

Debian CVE
added 2018/08/28 7:0 p.m. | 26 views

CVE-2017-15419

Removed by vendor...

CVSS 6.5 | AI score 8.1 | EPSS 0.01287
Exploits 0

CVE
added 2018/08/28 7:0 p.m. | 104 views

CVE-2017-15419

CVE-2017-15419 describes an information-disclosure vulnerability in Google Chrome’s Resource Timing API before 63.0.3239.84. The root cause is insufficient policy enforcement, allowing a remote attacker to leak cross-origin URLs via a crafted HTML page and infer browsing history. Affected product...

CVSS 6.5 | AI score 6.3 | EPSS 0.01287
Exploits 0 | References 5 | Affected Software 3

Cvelist
added 2018/08/28 7:0 p.m. | 23 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

AI score 6.5 | EPSS 0.01287
Exploits 0 | References 5

CNVD
added 2018/07/04 12:0 a.m. | 2 views

Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction Vulnerability

Microsoft Forefront Unified Access Gateway is an SSL VPN gateway server from Microsoft. Microsoft Forefront Unified Access Gateway 2010 external DNS interaction vulnerability allows remote attackers to Trigger URLs in the outbound DNS query origurl parameter from arbitrary hosts via a...

CVSS 9.8 | AI score 9.3 | EPSS 0.30274
Exploits 3 | References 1

Tenable Nessus
added 2018/02/28 12:0 a.m. | 45 views

FreeBSD : chromium -- multiple vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)

Google Chrome Releases reports : Several security fixes in this release, including : - 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 - 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 - 793620...

CVSS 8.8 | AI score 6.8 | EPSS 0.02149
Exploits 0 | References 26

OpenVAS
added 2018/01/25 12:0 a.m. | 35 views

Google Chrome Security Updates (stable-channel-update-for-desktop_24-2018-01) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 8.8 | AI score 7.9 | EPSS 0.02149
Exploits 0 | References 1

Openbugbounty
added 2017/12/12 12:20 p.m. | 11 views

50pforculture.org XSS vulnerability

Open Bug Bounty ID: OBB-452399

Description | Value
---|---
Affected Website: | 50pforculture.org
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

AI score 6.4
Exploits 0

OSV
added 2017/12/07 2:30 p.m. | 9 views

SUSE-SU-2017:3233-1 Security update for MozillaFirefox

This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed bsc1068101. - CVE-2017-7828: Use-after-free of PressShell while restyling layout bsc1068101. - CVE-2017-7830: Cross-origin URL information leak through Resource...

CVSS 10 | AI score 8.6 | EPSS 0.07439
Exploits 0 | References 5

RedhatCVE
added 2017/12/07 10:22 a.m. | 27 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

CVSS 6.5 | AI score 2.7 | EPSS 0.01287
Exploits 0 | References 2