135 matches found
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to change a user profile state to private if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your profile state changed form public to private history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to disable a user notification if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your notification is disabled history.pushState'', '', '/' document.forms0.submit; 💥 Impact This...
Security Bulletin: IBM Security Verify Information Queue still supports older browsers that don't enforce CSRF token protections (CVE-2021-20403)
Summary The IBM Security Verify Information Queue ISIQ web application protects against cross-site request forgery CSRF attacks by using the SameSite cookie attribute. However, ISIQ's web browser requirements are not current enough to ensure that this cookie attribute gets consistently used. As o...
Description of the security update for SharePoint Foundation 2013: March 10, 2020
Description of the security update for SharePoint Foundation 2013: March 10, 2020 Summary This security update resolves a vulnerability that occurs if SharePoint Server does not correctly sanitize a specially crafted request to an affected SharePoint server. To learn more about the vulnerability,...
Description of the security update for SharePoint Foundation 2010: March 10, 2020
Description of the security update for SharePoint Foundation 2010: March 10, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
Description of the security update for SharePoint Enterprise Server 2016: March 10, 2020
None None...
D-Link DGS-1250 Header Injection
D-Link DGS-1250 header injection vulnerability ============================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview -------- D-Link DGS-1250 switch is susceptible to a header injection...
Description of the security update for SharePoint Server 2019: February 11, 2020
None None...
January 14, 2020—KB4534309 (Security-only update)
None None...
December 10, 2019—KB4530689 (OS Build 14393.3384)
None None...
December 10, 2019—KB4530711 (OS Build 15063.2224)
None None...
Debian DSA-4562-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5869 Zhe Jin discovered a use-after-free issue. - CVE-2019-5870 Guang Gong discovered a use-after-free issue. - CVE-2019-5871 A buffer overflow issue was discovered in the skia library. - CVE-2019-5872 Zhe Jin...
[SECURITY] [DSA 4562-1] chromium security update
-------------------------------------------------------------------------- Debian Security Advisory DSA-4562-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 10, 2019 https://www.debian.org/security/faq -...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2155-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...
openSUSE: Security Advisory for chromium (openSUSE-SU-2019:2153-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2152-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:2153-1 Rating: important References: 1150425 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 77 to the Stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 77.0.3865.75 contains a number of fixes and improvements -- a full list of changes in this build is available in the log. Wat...
KLA11550 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in...
CVE-2018-18351
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...