Lucene search
K

12 matches found

OSV
OSV
added 2026/04/14 1:10 p.m.3 views

JLSEC-2026-102 Interactive `run` permission prompt spoofing via improper ANSI neutralization

Summary Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. Details The main entry point comes down to the ability to override what the API control says 40process.js...

8.8CVSS7.2AI score0.01142EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0957

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00943EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/03/22 4:17 a.m.3 views

SUSE CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

8.8CVSS6.8AI score0.00943EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/03/24 7:46 p.m.8 views

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

8.8CVSS8.7AI score0.01142EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/01/17 8:23 p.m.11 views

CVE-2023-22499 Interactive permission prompt spoofing in Deno

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.6AI score0.00601EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2021/11/10 9:58 a.m.4 views

Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

4.3CVSS7.3AI score0.01527EPSS
Exploits0References4
OSV
OSV
added 2020/09/21 8:15 p.m.7 views

CVE-2020-6564

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page...

6.5CVSS8AI score
Exploits0References7
OSV
OSV
added 2020/09/21 8:15 p.m.1 views

DEBIAN-CVE-2020-6564

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page...

6.5CVSS7AI score0.01548EPSS
Exploits0References1
Prion
Prion
added 2016/06/13 10:59 a.m.17 views

Code injection

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...

4.3CVSS6.7AI score0.01334EPSS
Exploits0References6Affected Software4
Debian CVE
Debian CVE
added 2016/06/13 10:0 a.m.21 views

CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...

6.5CVSS8.2AI score0.01334EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2016/06/08 8:18 a.m.20 views

CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...

6.5CVSS7.1AI score0.01334EPSS
Exploits0References2
CVE
CVE
added 2014/08/27 1:0 a.m.64 views

CVE-2014-3170

CVE-2014-3170 affects Google Chrome/Chromium prior to version 37.0.2062.94, where extensions/common/url_pattern.cc fails to prevent a '\0' character in a host name. This allows an attacker to spoof the extension permission dialog by truncation after the null character. Debian and openSUSE advisor...

6.4CVSS5.9AI score0.0188EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder