Lucene search
K

371 matches found

Tenable Nessus
Tenable Nessus
added 2019/03/12 12:0 a.m.49 views

KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update

The remote Windows host is missing security update 4489883 or cumulative update 4489881. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully...

9.3CVSS8.1AI score0.34209EPSS
Exploits1References33
Tenable Nessus
Tenable Nessus
added 2019/03/12 12:0 a.m.79 views

KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update

The remote Windows host is missing security update 4489885 or cumulative update 4489878. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting fores...

9.3CVSS8.1AI score0.53298EPSS
Exploits11References35
OSV
OSV
added 2019/02/28 6:29 p.m.4 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.5CVSS7.4AI score0.01406EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/12/10 10:34 a.m.4 views

chromium-browser: Insufficient policy enforcement in Navigation

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

6.5CVSS7.3AI score0.0255EPSS
Exploits0References5
OSV
OSV
added 2018/10/18 1:29 p.m.1 views

CVE-2018-12370

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...

8.8CVSS7.1AI score0.01126EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2018/06/26 12:0 a.m.52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

9.8CVSS1AI score0.04831EPSS
Exploits3References3
Hacker One
Hacker One
added 2018/06/05 5:29 a.m.174 views

Mail.ru: DNS Misconfiguration

Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...

7.1AI score
Exploits0
NVD
NVD
added 2017/07/19 3:29 p.m.23 views

CVE-2016-6798

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...

9.8CVSS9.1AI score0.03669EPSS
Exploits0References2
Hacker One
Hacker One
added 2016/11/29 10:37 a.m.26 views

U.S. Dept Of Defense: DNS Misconfiguration

Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...

2.6AI score
Exploits0
Hacker One
Hacker One
added 2014/04/18 4:15 a.m.335 views

Respondly: DNS Misconfiguration

Hey !! Daksh Here !! This time i would like to report DNS Misconfiguration in your site . I have noticed your http://localhost.respond.ly/ has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy:...

7AI score
Exploits0
Hacker One
Hacker One
added 2014/04/11 8:18 a.m.34 views

IRCCloud: DNS Misconfiguration

Your localhost.irccloud.com has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded...

Exploits0
Rows per page
Query Builder