Lucene search
K

362 matches found

OSV
OSV
added 2020/04/07 12:0 a.m.2 views

UBUNTU-CVE-2020-6824

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwor...

2.8CVSS6.7AI score0.00273EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/03/25 12:0 a.m.40 views

Fedora 31 : webkit2gtk3 (2020-f25793aac4)

Update to WebKitGTK 2.28.0. - Add API to enable Process Swap on Cross-site Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox...

9.8CVSS6.7AI score0.04987EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/03/20 12:0 a.m.36 views

Fedora 30 : webkit2gtk3 (2020-f3fa778924)

Update to WebKitGTK 2.28.0. - Add API to enable Process Swap on Cross-site Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox...

9.8CVSS6.7AI score0.04987EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2020/01/27 12:0 a.m.6 views

December 10, 2019-KB4532999 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

December 10, 2019-KB4532999 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: December 10, 2019 Version: .NET Framework 4.8 The December 10, 2019 update for Windows 10 Version 1709 includes cumulative reliability improvements in .NET 4.8. We recommend that you app...

6.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/01/27 12:0 a.m.11 views

December 10, 2019-KB4532998 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

December 10, 2019-KB4532998 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: December 10, 2019 Version: .NET Framework 4.8 The December 10, 2019 update for Windows 10 Version 1703 includes cumulative reliability improvements in .NET 4.8. We recommend that you app...

6.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/01/27 12:0 a.m.9 views

December 10, 2019-KB4532997 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016

December 10, 2019-KB4532997 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: December 10, 2019 Version: .NET Framework 4.8 The December 10, 2019 update for Windows 10 version 1607 and Windows Server 2016 includes cumulative reliability...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2020/01/11 3:52 a.m.176 views

DRIVE.NET, Inc.: Same site Scripting

Same site scripting I have found an error of some misconfigured DNS in a subdomain of yours which causes same site scripting. PoC 1 Open a terminal and type ping localhost.drive2.ru You would see that it resolves back to 127.0.0.1 A screenshot has been attached Impact This may cause security issu...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/12/03 12:0 a.m.4 views

The vulnerability of the Firefox browser’s Reader View function, which allows a hacker to execute arbitrary code.

The vulnerability of the Firefox Browser’s Reader View function is related to errors in processing cookie files with the SameSite attribute. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

10CVSS7.9AI score0.01126EPSS
Exploits0References7Affected Software3
RedHat Linux
RedHat Linux
added 2019/10/29 9:30 a.m.2 views

chromium-browser: SameSite cookie bypass

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

7.4CVSS7.4AI score0.00877EPSS
Exploits0References5
CNVD
CNVD
added 2019/03/13 12:0 a.m.2 views

Microsoft Edge and Microsoft Internet Explorer Security Bypass Vulnerability

Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

4.3CVSS6.7AI score0.04499EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2019/03/12 7:0 a.m.20 views

Microsoft Browsers Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploit...

4.3CVSS2.8AI score0.04499EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/12 12:0 a.m.79 views

KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update

The remote Windows host is missing security update 4489885 or cumulative update 4489878. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting fores...

9.3CVSS8.1AI score0.53298EPSS
Exploits11References35
Tenable Nessus
Tenable Nessus
added 2019/03/12 12:0 a.m.49 views

KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update

The remote Windows host is missing security update 4489883 or cumulative update 4489881. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully...

9.3CVSS8.1AI score0.34209EPSS
Exploits1References33
OSV
OSV
added 2019/02/28 6:29 p.m.4 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...

6.5CVSS7.4AI score0.01406EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/12/10 10:34 a.m.3 views

chromium-browser: Insufficient policy enforcement in Navigation

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

6.5CVSS7.3AI score0.0255EPSS
Exploits0References5
OSV
OSV
added 2018/10/18 1:29 p.m.1 views

CVE-2018-12370

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...

8.8CVSS7.1AI score
Exploits0References5
FreeBSD
FreeBSD
added 2018/06/26 12:0 a.m.51 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

9.8CVSS1AI score0.04831EPSS
Exploits3References3
Hacker One
Hacker One
added 2018/06/05 5:29 a.m.174 views

Mail.ru: DNS Misconfiguration

Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...

7.1AI score
Exploits0
NVD
NVD
added 2017/07/19 3:29 p.m.23 views

CVE-2016-6798

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...

9.8CVSS9.1AI score0.03669EPSS
Exploits0References2
Hacker One
Hacker One
added 2016/11/29 10:37 a.m.26 views

U.S. Dept Of Defense: DNS Misconfiguration

Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...

2.6AI score
Exploits0
Rows per page
Query Builder