180 matches found
Recruit Hot Pepper Gourmet App 访问控制错误漏洞
Recruit Hot Pepper Gourmet App is a mobile application. A restaurant navigation software An Access Control Error vulnerability exists in Hot Pepper Gourmet App for Android, which stems from improper access restrictions. The following products and versions are affected: Hot Pepper Gourmet App for...
CVE-2020-12511 Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery CSRF in the web interface...
CVE-2020-12514 Pepper+Fuchs Comtrol IO-Link Master NULL Pointer Dereference
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd...
DEBIAN-CVE-2020-16014
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
UBUNTU-CVE-2020-16014
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
The vulnerability of the PPAPI implementation in the Google Chrome web browser allows a hacker to execute arbitrary code.
The vulnerability of the PPAPI implementation in the Google Chrome web browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in versions prior to Google chrome 87.0.4280.66, which originates from PPAPI...
agriwatch.com XSS vulnerability
Open Bug Bounty ID: OBB-615746 Description| Value ---|--- Affected Website:| agriwatch.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Vulnerability in Robots Can Lead To Costly Ransomware Attacks
CANCUN, Mexico – A vulnerability in Softbank Robotics’ NAO and Pepper robots can lead to costly ransomware attacks that could cause robots deployed in businesses to stop working, curse at customers, or even perform violent movements. The vulnerability was disclosed at Kaspersky Lab’s Security...
The vulnerability in the PPAPI implementation of the Google Chrome browser allows a hacker to escape from an isolated environment.
The vulnerability of the PPAPI implementation in Google Chrome exists due to insufficient input validation in PPAPI modules. Exploiting this vulnerability allows a malicious actor to escape from an isolated environment using a specially crafted HTML page...
chromium-browser: out-of-bounds write in ppapi
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page...
Chrome Universal XSS via the interception of |Binding| with Object.prototype.create (CVE-2016-1674)
VULNERABILITY DETAILS The fix for the issue 590118 is insufficient to protect against the bindings interception. While they can't be accessed by triggering accessors on the |modules| object anymore, it's still possible to trap the set operation for |Binding. create| using the Object. prototype...
Chrome Universal XSS using a FrameNavigationDisabler bypass (CVE-2016-1673)
VULNERABILITY DETAILS When a top-level navigation is triggered on a frame displaying the initial empty document, FrameLoader::load is invoked directly: void LocalFrame::navigateDocument& originDocument, const KURL& url, bool replaceCurrentItem, UserGestureStatus userGestureStatus ... if isMainFra...
Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)
VULNERABILITY DETAILS There are 3 methods where ContainerNode::removeBetween is invoked: 1. ContainerNode::removeChild 2. ContainerNode::parserRemoveChild 3. ContainerNode::removeChildren The calls in 1 and 3 are within the scope of HTMLFrameOwnerElement::UpdateSuspendScope, but 2 is unprotected...
Chrome Universal XSS using a flaw in the load deferral logic
VULNERABILITY DETAILS This is a regression from https://crrev.com/f92a1f3b9 . Previously, ResourceLoader::start bailed out if ResourceLoader::mdefersLoading was true. Now, it calls setDefersLoading on the associated WebURLLoader instead: void ResourceLoader::startResourceRequest& request...
Chrome Universal XSS using late widget updates (CVE-2017-5006)
VULNERABILITY DETAILS Among the things that Document::shutdown does, |view-dispose| is called: From /thirdparty/WebKit/Source/core/frame/FrameView.cpp: void FrameView::dispose ... // FIXME: Do we need to do something here for OOPI? HTMLFrameOwnerElement ownerElement = mframe-deprecatedLocalOwner;...
Fedora 24 : wordpress (2016-a8657278bf)
See upstream announcements : - WordPress 4.6 Pepper - WordPress 4.6.1 Security and Maintenance Release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as muc...
The vulnerability of Google Chrome browser allows a hacker to bypass the sandboxing protection mechanism.
The vulnerability in the PPAPI implementation of the Google Chrome browser is related to the lack of verification for the source of IPC messages for the plugin process management system. Exploiting this vulnerability allows a malicious actor to bypass the sandboxing mechanism by sending messages...
Debian Security Advisory DSA 3637-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1706 Pinkie Pie...
[SECURITY] [DSA 3637-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3637-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 31, 2016 https://www.debian.org/security/faq -...