8434 matches found

OSV
added 2022/11/16 12:0 a.m. · 0 views

UBUNTU-CVE-2022-45410

When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR...

CVSS 6.5 · AI score 6.8 · EPSS 0.00744
Exploits 0 · References 7
RedHat Linux
added 2022/11/15 11:55 a.m. · 1 view

kernel: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table. When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain ...

CVSS 7.8 · AI score 6.3 · EPSS 0.00188
Exploits 0 · References 5
PyPA
added 2022/11/12 8:15 p.m. · 7 views

PYSEC-2022-43055

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

CVSS 7.5 · AI score 6.7 · EPSS 0.00797
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2022/11/12 12:0 a.m. · 10 views

Hyperledger Fabric Resource Management Error Vulnerability

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.3 that stems from the fact that it allows an attacker to cause a denial of service by repeatedly sending a...

CVSS 7.5 · AI score 7.2 · EPSS 0.00797
Exploits 1 · References 3
OSV
added 2022/11/10 6:15 a.m. · 3 views

UBUNTU-CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

CVSS 5 · AI score 5.7 · EPSS 0.00508
Exploits 0 · References 3
CNNVD
added 2022/11/10 12:0 a.m. · 2 views

HashiCorp Nomad Security Vulnerability

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1, whic...

CVSS 5 · AI score 5.2 · EPSS 0.00508
Exploits 0 · References 3
Positive Technologies
added 2022/11/10 12:0 a.m. · 3 views

PT-2022-24509 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1 Description: The issue allows a workload identity token to list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Recommendations:...

CVSS 5 · AI score 6.8 · EPSS 0.00508
Exploits 0 · References 13
Huntr
added 2022/11/04 10:0 p.m. · 12 views

CSRF on SSL certificates deletion

📜 Description: Cross-site request forgery, also known as CSRF, is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform using form submissions. It allows an attacker to partly circumvent the same origin policy, which is designed to...

AI score 0.3
Exploits 0
OSV
added 2022/11/04 11:4 a.m. · 2 views

OESA-2022-2040 curl security update

CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback...

CVSS 9.8 · AI score 6.8 · EPSS 0.04325
Exploits 1 · References 2
Veracode
added 2022/11/02 4:58 p.m. · 21 views

Denial Of Service (DoS)

Firefox is vulnerable to denial of service. The vulnerability exists because of a same-origin policy violation, which allows an attacker to cause application crashes by providing maliciously crafted input to the librarys...

CVSS 8.1 · AI score 7.9 · EPSS 0.00414
Exploits 0 · References 5 · Affected Software 5
OSV
added 2022/11/01 8:15 p.m. · 27 views

CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 6.5 · AI score 7.9
Exploits 0 · References 2
OSV
added 2022/11/01 8:15 p.m. · 2 views

DEBIAN-CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 6.5 · AI score 7.5 · EPSS 0.0045
Exploits 1 · References 1
NVD
added 2022/11/01 8:15 p.m. · 22 views

CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 6.5 · EPSS 0.0045
Exploits 1 · References 2
UbuntuCve
added 2022/11/01 8:15 p.m. · 31 views

CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 6.5 · AI score 6.9 · EPSS 0.0045
Exploits 1 · References 1
Prion
added 2022/11/01 8:15 p.m. · 22 views

Design/Logic Flaw

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 4.3 · AI score 6.5 · EPSS 0.0045
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/11/01 8:15 p.m. · 4 views

UBUNTU-CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 6.5 · AI score 7 · EPSS 0.0045
Exploits 1 · References 2
CVE
added 2022/11/01 12:0 a.m. · 96 views

CVE-2022-3310

CVE-2022-3310: Affects Google Chrome/Chromium. The issue is described as insufficient policy enforcement in Custom Tabs, enabling a crafted app installed by the user to bypass the same-origin policy. Root cause: policy enforcement gap in Custom Tabs. Impact stated across sources includes potenti...

CVSS 6.5 · AI score 6.4 · EPSS 0.0045
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/11/01 12:0 a.m. · 27 views

CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

AI score 6.9 · EPSS 0.0045
Exploits 1 · References 2
Positive Technologies
added 2022/11/01 12:0 a.m. · 6 views

PT-2022-7432 · Phpcas +4 · Phpcas +4

Name of the Vulnerable Software and Affected Versions: phpCAS versions prior to 1.6.0 Description: The phpCAS library uses HTTP headers to determine the service URL used to validate tickets, allowing an attacker to control the host header and use a valid ticket granted for any authorized service ...

CVSS 9.8 · AI score 6.4 · EPSS 0.42847
Exploits 7 · References 62
Debian CVE
added 2022/11/01 12:0 a.m. · 89 views

CVE-2022-3310

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. Chromium security severity: Medium...

CVSS 6.5 · AI score 7.4 · EPSS 0.0045
Exploits 1