8369 matches found
CVE-2015-1267
CVE-2015-1267 affects Blink in Google Chrome prior to 43.0.2357.130, where the creation context for a DOM wrapper was not properly restricted, enabling remote attackers to bypass the Same Origin Policy via crafted JavaScript using Blink public APIs (e.g., WebArrayBufferConverter.cpp, WebBlob.cpp,...
CVE-2015-1268
CVE-2015-1268 refers to Blink via bindings/scripts/v8_types.py in Chrome before 43.0.2357.130, where the creation context for a return value’s DOM wrapper was not correctly selected, enabling a remote attacker to bypass the Same Origin Policy through crafted JavaScript (e.g., data: URLs). Connect...
CVE-2015-1268
Removed by vendor...
CVE-2015-1267
Removed by vendor...
CVE-2015-1267
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp,...
CVE-2015-1268
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...
UBUNTU-CVE-2015-1267
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp,...
UBUNTU-CVE-2015-1268
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...
chromium-browser: Cross-origin bypass in Blink
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...
cURL and libcurl Information Disclosure Vulnerability
cURL/libcURL is a command line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. When cURL and libcurl reuse the curl_easy_reset connection handle to send requests to the same hostname, they are accompanied by the HTTP Basic authentication credentials of...
DEBIAN-CVE-2015-3236
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...
Google Chrome < 43.0.2357.124 Multiple Vulnerabilities
Google Chrome < 43.0.2357.65 Multiple Vulnerabilities
CSRF Vulnerability in jquery-ujs
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" (note the leading space) that will be passed to jQuery, who will s...
CSRF Vulnerability in jquery-rails
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" (note the leading space) that will be passed to jQuery, who will s...
Adobe Flash Player Multiple Vulnerabilities-01 (Jun 2015) - Windows
Adobe Flash Player is prone to multiple vulnerabilities.
Adobe Air Multiple Vulnerabilities - 01 (Jun 2015) - Mac OS X
Adobe Air is prone to multiple vulnerabilities.
Security update for Adobe Flash Player (important)
Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed: CVE-2015-3096: bypass for CVE-2014-5333; CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure; CVE-2015-309...
flash-plugin: same-origin-policy bypass fixed in APSB15-11
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe...