6987 matches found

Prion
added 2014/07/20 11:12 a.m. · 16 views

Design/Logic Flaw

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayerandroid.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video...

7.5 CVSS · 6.6 AI score · 0.00875 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2014/07/20 10:0 a.m. · 39 views

CVE-2014-3161

The CVE-2014-3161 entry corresponds to a vulnerability in Google Chrome for Android prior to 36.0.1985.122, where WebMediaPlayerAndroid::load did not properly handle redirects, allowing remote attackers to bypass the Same Origin Policy via a crafted site hosting a video stream. This is supported ...

7.5 CVSS · 6.3 AI score · 0.00875 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2014/07/20 10:0 a.m. · 91 views

CVE-2014-3160

CVE-2014-3160 affects Chromium/Blink: the ResourceFetcher::canRequest logic allowed subresource SVG requests to bypass Same Origin Policy. This is a remote-origin bypass via crafted SVG files in Chrome prior to 36.0.1985.125. Public advisories (Debian, openSUSE, Gentoo, Ubuntu) document the issue...

6.8 CVSS · 5.9 AI score · 0.01343 EPSS
Exploits 0 · References 8 · Affected Software 1

Cvelist
added 2014/07/20 10:0 a.m. · 19 views

CVE-2014-3161

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayerandroid.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video...

6.1 AI score · 0.00875 EPSS
Exploits 0 · References 3

Cvelist
added 2014/07/20 10:0 a.m. · 25 views

CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...

5.8 AI score · 0.01343 EPSS
Exploits 0 · References 8

Debian CVE
added 2014/07/20 10:0 a.m. · 28 views

CVE-2014-3160

Removed by vendor...

6.8 CVSS · 9.4 AI score · 0.01343 EPSS
Exploits 0

UbuntuCve
added 2014/07/20 12:0 a.m. · 35 views

CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...

6.8 CVSS · 7.2 AI score · 0.01343 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2014/07/18 12:0 a.m. · 54 views

FreeBSD : chromium -- multiple vulnerabilities (3718833e-0d27-11e4-89db-000c6e25e3e9)

Google Chrome Releases reports: 26 security fixes in this release, including - 380885 Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. - 393765 CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives. ...

6.8 CVSS · 8.2 AI score · 0.01343 EPSS
Exploits 0 · References 4

ThreatPost
added 2014/07/17 12:38 p.m. · 13 views

Chrome for Android Update Patches URL Spoofing Bug

The latest update to Chrome on Android – pushed yesterday – fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site. The problem, marked high priority by Google, was discovered by Japanese app developer Keita Haga. The...

1.8 AI score
Exploits 0 · References 5

FreeBSD
added 2014/07/16 12:0 a.m. · 32 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 26 security fixes in this release, including 380885 Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. 393765 CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives...

6.8 CVSS · 2.2 AI score · 0.01343 EPSS
Exploits 0 · References 1

Google Chrome Security Advisories
added 2014/07/16 12:0 a.m. · 33 views

Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 36 to the Stable channel for Windows, Mac and Linux. Chrome 36.0.1985.125 contains a number of fixes and improvements, including: Rich Notifications Improvements; An Updated Incognito / Guest NTP design; The addition of a Browser crash...

6.8 CVSS · 9.6 AI score · 0.01343 EPSS
Exploits 0 · Affected Software 1

Tenable Nessus
added 2014/07/08 12:0 a.m. · 43 views

MS KB2974008: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote host is missing KB2974008. It is, therefore, affected by the following vulnerabilities: - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 - Multiple unspecified errors exist that could allow unspecified security bypass...

7.5 CVSS · 7.4 AI score · 0.23024 EPSS
Exploits 4 · References 6

Tenable Nessus
added 2014/07/08 12:0 a.m. · 28 views

Flash Player for Mac <= 14.0.0.125 Multiple Vulnerabilities (APSB14-17)

According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 14.0.0.125. It is, therefore, affected by the following vulnerabilities: - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data...

7.5 CVSS · 7.3 AI score · 0.23024 EPSS
Exploits 4 · References 5

Positive Technologies
added 2014/07/08 12:0 a.m. · 4 views

PT-2014-1372 · Adobe +4 · Flash Player +6

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 13.0.0.231; Adobe Flash Player versions 14.x prior to 14.0.0.145; Adobe AIR versions prior to 14.0.0.137; Adobe AIR SDK versions prior to 14.0.0.137; Adobe AIR SDK & Compiler versions prior to 14.0.0.137 hapi...

7.5 CVSS · 7.6 AI score · 0.23024 EPSS
Exploits 4 · References 50

Tenable Nessus
added 2014/07/08 12:0 a.m. · 35 views

Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-17)

According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities: - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 -...

0.2 AI score · 0.23024 EPSS
Exploits 4 · References 4

seebug.org
added 2014/07/01 12:0 a.m. · 9 views

WebKit 'parent/top' Cross Domain Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attac...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 11 views

Mozilla Firefox <= 3.0.3 Internet Shortcut Same Origin Policy Violation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31611/info Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 17 views

WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this vulnerability to bypas...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 14 views

Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability

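... Opera is a web browser product developed and maintained by Opera Software; it runs on Linux and Unix operating systems as well as on Microsoft Windows. ... Opera has a flaw in how it handles the browser same-origin policy, which can allow a remote attacker to execute script code in a different frame of the user's browser. ... Opera allows JavaScript to modify the Location property of an IFRAME or FRAME contained in a document; if the Location of an IFRAME or FRAME is set to JavaScript:...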

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 13 views

Microsoft Internet Explorer 5 Dialog Same Origin Policy Bypass Variant Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5561/info Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and...

7.1 AI score
Exploits 0