6880 matches found
CVE-2022-42927
CVE-2022-42927 is a same-origin policy violation that could leak cross-origin URL entries and the redirect result via performance.getEntries(). Connected sources confirm impact on Firefox before version 106, Firefox ESR before 102.4, and Thunderbird before 102.4. Mitigations referenced include up...
DEBIAN-CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
Design/Logic Flaw
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
CVE-2022-46692
CVE-2022-46692 is a logic issue in WebKitGTK/WebKit causing a bypass of the Same Origin Policy when processing malicious web content. The Apple ecosystem fixes (Safari 16.2, iOS 16.2/iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2, etc.) are documented in the initial CVE description. Connected advis...
CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
VulnCheck KEV: CVE-2022-46692
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...
About the security content of iCloud for Windows 14.1
About the security content of iCloud for Windows 14.1 This document describes the security content of iCloud for Windows 14.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of Safari 16.2
About the security content of Safari 16.2 This document describes the security content of Safari 16.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Evernote Web Clipper Same-Origin Policy Bypass Vulnerability
Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post. Evernote: extension allows cross-origin iframe communication I happened to notice that the Evernote Web Clipper...
Contest Gallery < 19.1.5.1 - Author+ SQL Injection
The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...
Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to...
CVE-2022-4188
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2022-4188
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-4188
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-4188
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
Input validation
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...