6987 matches found

Cvelist
added 2014/05/14 10:0 a.m. | 21 views

CVE-2014-0516

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors...

6.4 AI score | 0.03912 EPSS
Exploits: 0 | References: 5

CVE
added 2014/05/14 10:0 a.m. | 105 views

CVE-2014-0516

CVE-2014-0516 refers to a Same Origin Policy bypass in Adobe Flash Player and AIR SDK components. Publicly affected versions include Windows/macOS Flash Player prior to 13.0.0.214 and Linux prior to 11.2.202.359, as well as AIR SDK prior to 13.0.0.111 and AIR SDK & Compiler prior to 13.0.0.111. T...

7.5 CVSS | 6.5 AI score | 0.03912 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2014/05/14 12:0 a.m. | 44 views

Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. CVE-2014-0510 - An...

10 CVSS | 8.9 AI score | 0.08486 EPSS
Exploits: 2 | References: 11

Tenable Nessus
added 2014/05/14 12:0 a.m. | 35 views

Adobe AIR <= AIR 13.0.0.83 Multiple Vulnerabilities (APSB14-14)

According to its version, the instance of Adobe AIR on the remote Windows host is 13.0.0.83 or earlier. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code. CVE-2014-051...

10 CVSS | 6 AI score | 0.08486 EPSS
Exploits: 2 | References: 8

Tenable Nessus
added 2014/05/14 12:0 a.m. | 27 views

Flash Player <= 13.0.0.206 Multiple Vulnerabilities (APSB14-14)

According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 13.0.0.206. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitra...

10 CVSS | 6 AI score | 0.08486 EPSS
Exploits: 2 | References: 9

Tenable Nessus
added 2014/05/14 12:0 a.m. | 33 views

Flash Player for Mac <= 13.0.0.206 Multiple Vulnerabilities (APSB14-14)

According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 13.0.0.206. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of...

10 CVSS | 6 AI score | 0.08486 EPSS
Exploits: 2 | References: 8

Tenable Nessus
added 2014/05/14 12:0 a.m. | 38 views

Adobe AIR for Mac <= 13.0.0.83 Multiple Vulnerabilities (APSB14-14)

According to its version, the instance of Adobe AIR on the remote Mac OS X host is 13.0.0.83 or earlier. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code. CVE-2014-05...

10 CVSS | 6.1 AI score | 0.08486 EPSS
Exploits: 2 | References: 8

Tenable Nessus
added 2014/05/14 12:0 a.m. | 45 views

MS KB2957151: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote host is missing KB2957151. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code. CVE-2014-0510 - An unspecified vulnerability exists that could be used to bypass the same origi...

10 CVSS | 6 AI score | 0.08486 EPSS
Exploits: 2 | References: 10

Tenable Nessus
added 2014/05/05 12:0 a.m. | 34 views

GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201405-04 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a...

10 CVSS | 6.8 AI score | 0.94569 EPSS
Exploits: 17 | References: 11

Hacker One
added 2014/04/29 11:54 p.m. | 26 views

Internet Bug Bounty: Bypassing Same Origin Policy With JSONP APIs and Flash

Overview ======== This is a new type of web vulnerability that is made possible by two seemingly unrelated things: - the way JSONP APIs work - the way Flash handles malformed SWF files and has an effect and limitations similar to XSS flaws: - the user has to visit a website set up by the attacker...

6.2 AI score
Exploits: 0

securityvulns
added 2014/04/21 12:0 a.m. | 91 views

[SECURITY] [DSA 2905-1] chromium-browser security update

Debian Security Advisory DSA-2905-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 15, 2014 http://www.debian.org/security/faq -...

7.5 CVSS | 1.6 AI score | 0.01934 EPSS
Exploits: 10

Hacker One
added 2014/04/18 3:31 a.m. | 18 views

Respondly: x-frame options-sameorigin warning

As the x-frame options set to same-origin it still may be vulnerable to clickjacking attacks how? by using this code Better explanation: http://www.skeletonscribe.net/2012/06/x-frame-options-sameorigin-warning.html...

0.8 AI score
Exploits: 0

Hacker One
added 2014/04/17 6:17 p.m. | 27 views

Localize: ClickJacking

It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks. Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...

3.9 AI score
Exploits: 0

Tenable Nessus
added 2014/04/17 12:0 a.m. | 29 views

Debian DSA-2905-1 : chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1716 A cross-site scripting issue was discovered in the v8 JavaScript library. - CVE-2014-1717 An out-of-bounds read issue was discovered in the v8 JavaScript library. - CVE-2014-1718 Aaron Staple discovered an intege...

7.5 CVSS | 8 AI score | 0.01934 EPSS
Exploits: 10 | References: 30

Debian
added 2014/04/16 1:22 a.m. | 34 views

[SECURITY] [DSA 2905-1] chromium-browser security update

Debian Security Advisory DSA-2905-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 15, 2014 http://www.debian.org/security/faq -...

7.5 CVSS | 1.2 AI score | 0.01934 EPSS
Exploits: 10

Check Point Advisories
added 2014/04/16 12:0 a.m. | 2 views

Internet Explorer Cross Domain Document Switching (MS09-019) - Ver2 (CVE-2007-3091)

Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a script that can create a race condition that could break the same-origin policy of Internet Explorer and re...

7.1 CVSS | 5.5 AI score | 0.27748 EPSS
Exploits: 0

OSV
added 2014/04/15 12:0 a.m. | 27 views

DSA-2905-1 chromium-browser - security update

Bulletin has no description...

7.5 CVSS | 9.5 AI score | 0.01934 EPSS
Exploits: 10

seebug.org
added 2014/04/11 12:0 a.m. | 45 views

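Google Chrome Drag Handling Local File Path Forgery Cross-Origin Bypass Vulnerability

CVE ID: CVE-2014-1726 Google Chrome is a popular web browser. An unspecified security vulnerability exists in how Google Chrome handles drag operations, which can lead to forged local file paths and a bypass of the same-origin policy. 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 The vulnerability is fixed in Google Chrome 34.0.1847.116; users are advised to download and use it: https://www.google.com/chrome/...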

4.3 CVSS | 0.3 AI score | 0.01405 EPSS
Exploits: 1

NVD
added 2014/04/09 10:57 a.m. | 20 views

CVE-2014-1726

The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...

4.3 CVSS | 5.8 AI score | 0.01405 EPSS
Exploits: 1 | References: 6

Prion
added 2014/04/09 10:57 a.m. | 20 views

Design/Logic Flaw

The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...

4.3 CVSS | 6.5 AI score | 0.01405 EPSS
Exploits: 1 | References: 6 | Affected Software: 1