Lucene search
K

135 matches found

Huntr
Huntr
added 2021/08/04 3:45 p.m.8 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to change a user profile state to private if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your profile state changed form public to private history.pushState'', '', '/'...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/08/04 3:38 p.m.10 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to disable a user notification if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your notification is disabled history.pushState'', '', '/' document.forms0.submit; 💥 Impact This...

1.3AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/10 5:56 p.m.22 views

Security Bulletin: IBM Security Verify Information Queue still supports older browsers that don't enforce CSRF token protections (CVE-2021-20403)

Summary The IBM Security Verify Information Queue ISIQ web application protects against cross-site request forgery CSRF attacks by using the SameSite cookie attribute. However, ISIQ's web browser requirements are not current enough to ensure that this cookie attribute gets consistently used. As o...

8.8CVSS0.7AI score0.00373EPSS
Exploits0Affected Software1
Microsoft KB
Microsoft KB
added 2020/03/10 7:0 a.m.38 views

Description of the security update for SharePoint Foundation 2013: March 10, 2020

Description of the security update for SharePoint Foundation 2013: March 10, 2020 Summary This security update resolves a vulnerability that occurs if SharePoint Server does not correctly sanitize a specially crafted request to an affected SharePoint server. To learn more about the vulnerability,...

5.4CVSS5.1AI score0.01546EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2020/03/10 7:0 a.m.36 views

Description of the security update for SharePoint Foundation 2010: March 10, 2020

Description of the security update for SharePoint Foundation 2010: March 10, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

5.4CVSS5.9AI score0.01507EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2020/03/10 7:0 a.m.409 views

Description of the security update for SharePoint Enterprise Server 2016: March 10, 2020

None None...

9.3CVSS6.7AI score0.11548EPSS
Exploits0
Packet Storm
Packet Storm
added 2020/02/21 12:0 a.m.139 views

D-Link DGS-1250 Header Injection

D-Link DGS-1250 header injection vulnerability ============================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview -------- D-Link DGS-1250 switch is susceptible to a header injection...

Exploits0
Microsoft KB
Microsoft KB
added 2020/02/11 8:0 a.m.36 views

Description of the security update for SharePoint Server 2019: February 11, 2020

None None...

5.4CVSS6.2AI score0.01592EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2020/01/14 8:0 a.m.323 views

January 14, 2020—KB4534309 (Security-only update)

None None...

10CVSS6.8AI score0.74897EPSS
Exploits15
Microsoft KB
Microsoft KB
added 2019/12/10 8:0 a.m.3789 views

December 10, 2019—KB4530689 (OS Build 14393.3384)

None None...

9.3CVSS6.8AI score0.73856EPSS
Exploits14
Microsoft KB
Microsoft KB
added 2019/12/10 12:0 a.m.40 views

December 10, 2019—KB4530711 (OS Build 15063.2224)

None None...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.44 views

Debian DSA-4562-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5869 Zhe Jin discovered a use-after-free issue. - CVE-2019-5870 Guang Gong discovered a use-after-free issue. - CVE-2019-5871 A buffer overflow issue was discovered in the skia library. - CVE-2019-5872 Zhe Jin...

9.6CVSS8AI score0.72977EPSS
Exploits4References139
Debian
Debian
added 2019/11/10 7:16 p.m.181 views

[SECURITY] [DSA 4562-1] chromium security update

-------------------------------------------------------------------------- Debian Security Advisory DSA-4562-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 10, 2019 https://www.debian.org/security/faq -...

9.6CVSS9AI score0.72977EPSS
Exploits4
OPENSUSE Linux
OPENSUSE Linux
added 2019/09/20 12:0 a.m.275 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2155-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...

9.6CVSS6.7AI score0.01443EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/09/20 12:0 a.m.23 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2019:2153-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.6CVSS6.6AI score0.01443EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2019/09/19 12:0 a.m.194 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2152-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...

9.6CVSS6.7AI score0.01443EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2019/09/19 12:0 a.m.186 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2153-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...

9.6CVSS6.7AI score0.01443EPSS
Exploits0References1
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2019/09/10 12:0 a.m.45 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 77 to the Stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 77.0.3865.75 contains a number of fixes and improvements -- a full list of changes in this build is available in the log. Wat...

9.6CVSS7.4AI score0.01443EPSS
Exploits0Affected Software1
Kaspersky
Kaspersky
added 2019/09/10 12:0 a.m.87 views

KLA11550 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in...

9.6CVSS8.5AI score0.01443EPSS
Exploits0References3
OSV
OSV
added 2018/12/11 4:29 p.m.8 views

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

6.5CVSS8AI score
Exploits0References6
Rows per page
Query Builder