8436 matches found
PT-2023-4137 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 109.0.5414.119 Description: The issue is related to insufficient policy enforcement in Intents, allowing a remote attacker to bypass the same origin policy via a crafted HTML page. This could...
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...
curl: POST following PUT confusion
A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if it previously used the same handle to issue a PUT request which us...
PT-2023-1227 · Vim +8 · Vim +8
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.0.1225 Description: The issue is related to a heap-based buffer overflow in the Vim text editor, specifically affecting functions such as same_leader and utfc_ptr2len. This can allow an attacker to execute arbitrary co...
openSUSE 15 Security Update : php7 (SUSE-SU-2022:3830-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3830-1 advisory. - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixe...
New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks
A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SC...
[SECURITY] [DLA 3274-1] webkit2gtk security update
Debian LTS Advisory DLA-3274-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2023 https://wiki.debian.org/LTS ...
kubernetes: Unauthorized read of Custom Resources
A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...
PT-2023-8517 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev78 Description: The issue is related to a Cross-Site Request Forgery (CSRF) attack. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities. Any API...
CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device...
GHSA-VHVQ-JH34-3FC8 Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c7xw-p58w-h6fj. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled...