6926 matches found
Design/Logic Flaw
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...
CVE-2015-1235
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...
Design/Logic Flaw
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...
CVE-2015-1235
CVE-2015-1235 affects the Blink HTML parser: ContainerNode::parserRemoveChild in core/dom/ContainerNode.cpp allows a Same Origin Policy bypass via a crafted HTML document with an IFRAME in Chrome before 42.0.2311.90. The vulnerability stems from the HTML parser logic in Blink, enabling cross-orig...
CVE-2015-1236
The CVE-2015-1236 entry refers to a Chrome/Blink vulnerability in the Web Audio API: MediaElementAudioSourceNode::process in Blink’s Web Audio implementation allows a remote site with a media element to bypass Same Origin Policy and access sensitive audio samples. Impact data from the sources con...
CVE-2015-1236
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...
CVE-2015-1235
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...
CVE-2015-1235
Removed by vendor...
CVE-2015-1236
Removed by vendor...
UBUNTU-CVE-2015-1236
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...
CVE-2015-1235
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...
CVE-2015-1236
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...
UBUNTU-CVE-2015-1235
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...
chromium-browser: Cross-origin-bypass in Blink
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...
Microsoft Windows MSXML3 Same Origin Policy SFB Vulnerability
Microsoft XML Core Services MSXML is a set of services that can be used to build XML-based Windows-native applications written in JScript, VBScript, and Microsoft development tools. A same-origin policy security feature bypass vulnerability exists in Microsoft XML Core Services MSXML. This...
Microsoft Windows XML Core Services Security Feature Bypass Vulnerability (3046482)
This host is missing an important security update according to Microsoft Bulletin MS15-039. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2015-1646
Microsoft XML Core Services aka MSXML 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."...
Design/Logic Flaw
Microsoft XML Core Services aka MSXML 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."...
CVE-2015-1646
CVE-2015-1646 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability is a same-origin policy security bypass in MSXML3 that can allow remote attackers to obtain sensitive information via a crafted DTD. Multiple sources (NVD entry and vulnerability repositories) describe the issue and ...
CVE-2015-1646
Microsoft XML Core Services aka MSXML 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."...