8410 matches found
CVE-2017-7006
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and...
UBUNTU-CVE-2017-7006
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and...
CVE-2017-7006
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and...
CVE-2017-7006
CVE-2017-7006 affects Apple WebKit components used in iOS, Safari, and tvOS prior to patches (iOS 10.3.3, Safari 10.1.2, tvOS 10.2.2). The issue is a timing side-channel vulnerability that allows a remote attacker to bypass the Same Origin Policy and exfiltrate cross-origin data via a crafted web...
CVE-2016-6798
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
CVE-2017-1183
IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494...
Microsoft Edge Security Bypass Vulnerability (CNVD-2017-14644)
Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge fails to properly apply the same-origin policy to HTML elements within other browsers and is vulnerable to a remote security feature bypass vulnerability in its implementation. An attacker could exploit the...
CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
Same-Origin Policy Bypass
github.com/shopify/toxiproxy is vulnerable to same-origin policy bypass. A malicious user can use the library to bypass web browsers same origin policy and obtain sensitive information...
Mail.ru: XSS bypass Script execute,Read any file,execute any javascript code--UXSS
Mail attachment XSS bypass vulnerability--UXSS Vulnerability impact: Mail.Ru Mail for iOS MyMail for iOS explain: Mail app supports HTML attachments, however,Cannot execute javascript. for example alert/xss/ These statements can not be executed in the html attachments...LOL However, the addition ...
CVE-2017-8449
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index...
CVE-2017-8523
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microso...
Security feature bypass
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microso...
Security feature bypass
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability"...
CVE-2017-8523
Technical details (affected products, vulnerable components, impact, or fixes) for CVE-2017-8523 are not provided in the connected documents. Monitor for updates from official advisories.
Mozilla Fixes 32 Vulnerabilities in Firefox 54
Mozilla fixed 32 vulnerabilities, including a critical bug that could have resulted in a crash, with the release Tuesday of Firefox 54, the latest version of its flagship browser. The critical bug, a use-after-free vulnerability, was dug up by longtime bug hunter Nils. The vulnerability...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
Security vulnerabilities fixed in Firefox 54 — Mozilla
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...