Lucene search
K

6987 matches found

Tenable Nessus
Tenable Nessus
added 2014/10/15 12:0 a.m.23 views

Firefox < 33.0 Multiple Vulnerabilities (Mac OS X)

The version of Firefox installed on the remote Mac OS X host is a version prior to 33.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...

7.5CVSS7.4AI score0.0527EPSS
Exploits1References21
Tenable Nessus
Tenable Nessus
added 2014/10/15 12:0 a.m.14 views

Android Browser in Android < 4.4 Same Origin Policy Bypass

Binary data 8543.prm...

5.8CVSS7.3AI score0.18278EPSS
Exploits7References6
UbuntuCve
UbuntuCve
added 2014/10/14 12:0 a.m.26 views

CVE-2014-1583

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...

5CVSS6.9AI score0.0281EPSS
Exploits0References3
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.38 views

Accessing cross-origin objects via the Alarms API — Mozilla

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy...

5CVSS8.8AI score0.0281EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2014/10/14 12:0 a.m.3 views

UBUNTU-CVE-2014-1583

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...

5CVSS6.9AI score0.0281EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2014/10/02 10:49 a.m.13 views

Second Same-Origin Policy Bypass Flaw Haunts Android Browser

There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user’s browser. Google has fixed the vulnerability in some versions of Android, but millions of users of older versions are still affected. The...

7.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2014/10/01 12:0 a.m.32 views

Debian Security Advisory DSA 3039-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...

10CVSS1.1AI score0.09758EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/09/30 12:0 a.m.42 views

Debian DSA-3039-1 : chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. - CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...

10CVSS9.1AI score0.09758EPSS
Exploits0References36
Debian
Debian
added 2014/09/28 6:48 p.m.38 views

[SECURITY] [DSA 3039-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3039-1 [email protected] http://www.debian.org/security/ Michael Gilbert September 28, 2014 http://www.debian.org/security/faq -...

10CVSS7.8AI score0.09758EPSS
Exploits0
OSV
OSV
added 2014/09/28 12:0 a.m.29 views

DSA-3039-1 chromium-browser - security update

Bulletin has no description...

10CVSS9.6AI score0.09758EPSS
Exploits0
NVD
NVD
added 2014/09/26 10:55 a.m.16 views

CVE-2014-5318

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

5.8CVSS6.4AI score0.01282EPSS
Exploits0References4
Prion
Prion
added 2014/09/26 10:55 a.m.11 views

Code injection

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

5.8CVSS6.9AI score0.01282EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/09/26 10:0 a.m.19 views

CVE-2014-5318

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

6.4AI score0.01282EPSS
Exploits0References4
CVE
CVE
added 2014/09/26 10:0 a.m.33 views

CVE-2014-5318

The CVE-2014-5318 issue affects jigbrowser+ for iOS (versions 1.8.1 and earlier). A flaw in how the app loads web pages allows remote attackers to bypass the Same Origin Policy by injecting crafted JavaScript, enabling access to data across different domains. Affected component: the iOS web loadi...

5.8CVSS6.6AI score0.01282EPSS
Exploits0References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/25 5:52 a.m.1 views

jigbrowser+ for iOS same origin policy bypass

Overview jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.8CVSS6.3AI score0.01282EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/25 12:0 a.m.35 views

JVN#80531230: jigbrowser+ for iOS same origin policy bypass

jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Impact By using JavaScript, an attacker may obtain sensitive data from a different domain in violation of the same origin policy. Solution Update the Software Update to the late...

5.8CVSS5.9AI score0.01282EPSS
Exploits0
Mageia
Mageia
added 2014/09/22 8:31 a.m.43 views

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

10CVSS9.1AI score0.84178EPSS
Exploits7References2
Check Point Advisories
Check Point Advisories
added 2014/09/22 12:0 a.m.7 views

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

5.8CVSS5.2AI score0.18278EPSS
Exploits7
myhack58
myhack58
added 2014/09/20 12:0 a.m.20 views

Android browser serious bug affecting half of Android users-vulnerability warning-the black bar safety net

Open source Android browser is found a affect half of Android users of a serious bug, which could allow a malicious web site injection JS script to access other site content, such as read passwords and cookies and other sensitive data. The browser will usually be designed to prevent a site script...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2014/09/16 3:21 p.m.39 views

New Android Browser Vulnerability Is a “Privacy Disaster” for 70% Of Android Users

A Serious vulnerability has been discovered in the Web browser installed by default on a large number Approximately 70% of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploi...

5.8CVSS8.4AI score0.18278EPSS
Exploits7
Rows per page
Query Builder