2242 matches found
Design/Logic Flaw
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...
CVE-2022-0294
CVE-2022-0294 refers to an “Inappropriate implementation in Push messaging” in Google Chrome before version 97.0.4692.99. The publicly provided data states that a remote attacker who had already compromised the renderer process could bypass site isolation via a crafted HTML page. The linked Chrom...
CVE-2022-0294
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...
CVE-2022-0294
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...
PT-2022-6487 · Git +2 · Git +2
Name of the Vulnerable Software and Affected Versions: Git versions through 2.35.1 Description: The issue is related to the disclosure of information in the error data area of the distributed version control system Git. This could present a security risk if information-disclosure auditing process...
The vulnerability of Windows Push Notifications apps in the Windows operating system allows attackers to escalate their privileges.
The vulnerability of Windows Push Notifications apps in the operating system Windows is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...
GHSA-926X-M6M5-3MMP push-dir Enables OS Command Injection
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable opt.branch is not validated before being provided to the git command within index.jsL139. This could be abused by an attacker to inject arbitrary commands...
push-dir Enables OS Command Injection
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable opt.branch is not validated before being provided to the git command within index.jsL139. This could be abused by an attacker to inject arbitrary commands...
PT-2022-16785 · Apple · Swift-Nio-Http2
Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.1 Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects...
Updated chromium-browser-stable packages fix security vulnerability
CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
Design/Logic Flaw
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
CVE-2021-42791
The CVE-2021-42791 entry concerns VeridiumID VeridiumAD 2.5.3.0. The vulnerability is an access-control gap in the HTTP trigger for push notifications: an attacker can trigger notifications for other enrolled users, and the notification text can be altered. If the notification recipient accepts, ...
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
VeridiumAd 环境问题漏洞
VeridiumAd is an enterprise-ready solution from Veridium UK. that adds biometric authentication and identity assurance to Microsoft Active Directory environments. A security vulnerability exists in VeridiumAd 2.5.3.0, which arises from an HTTP request that triggers a push notification for a...
Mageia: Security Advisory (MGASA-2016-0433)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KLA12435 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...
Inappropriate Implementation In Push Messaging
Chrome has Inappropriate implementation in Push messaging. The vulnerability exists due to a lack of sanitization in the Push Message Handler...