69 matches found
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-20483
setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...
CVE-2018-20483
setfilemetadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information e.g., credentials contained in the URL by reading this attribut...
openSUSE Security Update : Chromium (openSUSE-2018-1253)
This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111 : - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...
Important: Red Hat Security Advisory: chromium-browser security update
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
openSUSE Security Update : Chromium (openSUSE-2018-1208)
This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111 : - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...
Security update for Chromium (important)
This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...
CVE-2017-15419
Removed by vendor...
CVE-2017-15419
CVE-2017-15419 describes an information-disclosure vulnerability in Google Chrome’s Resource Timing API before 63.0.3239.84. The root cause is insufficient policy enforcement, allowing a remote attacker to leak cross-origin URLs via a crafted HTML page and infer browsing history. Affected product...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...
Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction Vulnerability
Microsoft Forefront Unified Access Gateway is an SSL VPN gateway server from Microsoft. Microsoft Forefront Unified Access Gateway 2010 external DNS interaction vulnerability allows remote attackers to Trigger URLs in the outbound DNS query origurl parameter from arbitrary hosts via a...
FreeBSD : chromium -- multiple vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)
Google Chrome Releases reports : Several security fixes in this release, including : - 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 - 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 - 793620...
Google Chrome Security Updates (stable-channel-update-for-desktop_24-2018-01) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
50pforculture.org XSS vulnerability
Open Bug Bounty ID: OBB-452399 Description| Value ---|--- Affected Website:| 50pforculture.org Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
SUSE-SU-2017:3233-1 Security update for MozillaFirefox
This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed bsc1068101. - CVE-2017-7828: Use-after-free of PressShell while restyling layout bsc1068101. - CVE-2017-7830: Cross-origin URL information leak through Resource...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...