
6868 matches found

Cvelist
added 2023/02/07 12:0 a.m. | 30 views

CVE-2023-0704

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. Chromium security severity: Low...

6.7 AI score | 0.00883 EPSS
Exploits: 0 | References: 3
CVE
added 2023/02/07 12:0 a.m. | 113 views

CVE-2023-0704

CVE-2023-0704 affects Google Chrome/Chromium DevTools. The issue is an insufficient policy enforcement flaw that allowed a remote attacker to bypass the same-origin policy and proxy settings via a crafted HTML page. Affected versions are prior to 110.0.5481.77. Chrome’s security fixes released in...

6.5 CVSS | 6.3 AI score | 0.00883 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2023/02/07 12:0 a.m. | 5 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in versions prior to Google Chrome 110.0.5481.77, which stems from insufficient policy enforcement in DevTools. An attacker exploits the vulnerability to bypass the same-origin policy and proxy settings via a...

6.5 CVSS | 7.6 AI score | 0.00883 EPSS
Exploits: 0 | References: 8
Debian CVE
added 2023/02/07 12:0 a.m. | 27 views

CVE-2023-0704

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS | 7.3 AI score | 0.00883 EPSS
Exploits: 0
Positive Technologies
added 2023/01/26 12:0 a.m. | 3 views

PT-2023-4137 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 109.0.5414.119 Description: The issue is related to insufficient policy enforcement in Intents, allowing a remote attacker to bypass the same origin policy via a crafted HTML page. This could...

8.8 CVSS | 8.6 AI score | 0.00736 EPSS
Exploits: 1 | References: 22
The Hacker News
added 2023/01/19 2:20 p.m. | 59 views

New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SC...

8.5 AI score
Exploits: 0
Debian
added 2023/01/19 10:10 a.m. | 38 views

[SECURITY] [DLA 3274-1] webkit2gtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3274-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2023 https://wiki.debian.org/LTS -...

8.8 CVSS | 9.2 AI score | 0.34574 EPSS
Exploits: 2
Tenable Nessus
added 2023/01/11 12:0 a.m. | 47 views

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2023:0061-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0061-1 advisory. - The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS...

8.8 CVSS | 7.9 AI score | 0.34574 EPSS
Exploits: 2 | References: 21
RedhatCVE
added 2023/01/04 8:35 p.m. | 39 views

CVE-2017-20146

A flaw was found in Gorilla. Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...

7 CVSS | 2.9 AI score | 0.00699 EPSS
Exploits: 0 | References: 6
UbuntuCve
added 2023/01/04 12:0 a.m. | 36 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS | 6.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 2
OSV
added 2023/01/04 12:0 a.m. | 0 views

UBUNTU-CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS | 6.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2023/01/01 12:0 a.m. | 35 views

Debian: Security Advisory (DSA-5308-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.9 AI score | 0.34574 EPSS
Exploits: 2 | References: 6
Debian
added 2022/12/31 12:42 a.m. | 54 views

[SECURITY] [DSA 5308-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5308-1 [email protected] https://www.debian.org/security/ Alberto Garcia December 31, 2022 https://www.debian.org/security/faq -...

8.8 CVSS | 9.2 AI score | 0.34574 EPSS
Exploits: 2
Tenable Nessus
added 2022/12/31 12:0 a.m. | 58 views

Fedora 36 : webkit2gtk3 (2022-71121c44a4)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-71121c44a4 advisory. Update to 2.38.3: Fix runtime critical warnings from media player. Fix network process crash when fetching website data on ephemeral session. Fix th...

8.8 CVSS | 7.5 AI score | 0.34574 EPSS
Exploits: 2 | References: 8
Tenable Nessus
added 2022/12/31 12:0 a.m. | 50 views

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:4642-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4642-1 advisory. - The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS...

8.8 CVSS | 7.9 AI score | 0.34574 EPSS
Exploits: 2 | References: 21
Tenable Nessus
added 2022/12/31 12:0 a.m. | 63 views

Debian DSA-5308-1 : webkit2gtk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5308 advisory. The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852 hazbinhotel discovered that processing maliciously crafted web...

8.8 CVSS | 7.9 AI score | 0.34574 EPSS
Exploits: 2 | References: 17
OSV
added 2022/12/30 2:5 p.m. | 7 views

SUSE-SU-2022:4642-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content bsc1206474. - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. -...

8.8 CVSS | 7.8 AI score | 0.34574 EPSS
Exploits: 2 | References: 12
CNVD
added 2022/12/30 12:0 a.m. | 20 views

Mozilla Firefox Resource Misuse Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource mishandling vulnerability that stems from the way the browser handles XSL documents. An attacker could use the vulnerability to trick a victim into loading a...

8.8 CVSS | 6.8 AI score | 0.00586 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2022/12/28 12:30 a.m. | 31 views

gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...

9.8 CVSS | 8.9 AI score | 0.00699 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/12/28 12:30 a.m. | 23 views

GHSA-JCR6-MMJJ-PCHW gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...

9.8 CVSS | 8 AI score | 0.00699 EPSS
Exploits: 0 | References: 5