8421 matches found
UBUNTU-CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2019-5822
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2019-5822
CVE-2019-5822 affects Google Chrome/Chromium Blink component; describes bypass of Cross‑Origin Resource Sharing (CORS) via a crafted HTML page, effectively bypassing same-origin policy. Affected scope includes Blink/CORS handling in Chrome prior to 74.0.3729.108. Public advisories (Debian DSA-450...
CVE-2019-5811
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2019-5811
CVE-2019-5811: In Chromium-based browsers, a Cross‑Origin Resource Sharing (CORS) bypass was discovered in Blink, allowing a crafted HTML page to bypass the same-origin policy via Service Worker semantics. The issue is associated with Chrome/Chromium builds prior to 74.0.3729.108. Impact is tied...
CVE-2018-6161
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2018-6161
CVE-2018-6161 affects Chromium/Google Chrome Blink WebAudio: a Same-Origin Policy bypass via a crafted HTML page was reported, with affected versions prior to 68.0.3440.75. Debian and FreeBSD security listings confirm the CVE and note the fix in 68.0.3440.75 (stretch) / updated package lines; no ...
CVE-2018-6161
Removed by vendor...
CVE-2018-6145
Removed by vendor...
CVE-2018-6145
Technical details about CVE-2018-6145 are not publicly available in the provided documents; monitor for updates.
CVE-2019-9701
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls...
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
flash-plugin: Same origin policy bypass leading to information disclosure
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
RHEL 6 : flash-plugin (RHSA-2019:1476)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1476 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to...
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people take notes and organize their to-do...
Mozilla: Stealing of cross-domain images using canvas
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected. This vulnerability affects Firefox 65.0.1...