213 matches found
CVE-2021-37968
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-30618
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools...
CVE-2021-30609
Chromium: CVE-2021-30609 Use after free in Sign-In...
CVE-2021-30620
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink...
opensysusers 代码注入漏洞
opensysusers is an open source package. It is an alternative implementation of systemd-sysusers that can be run on systems with or without systemd installed. A code injection vulnerability exists in versions of opensysusers prior to 0.6, which poses a security risk primarily due to the use of...
CVE-2021-30578
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page...
CVE-2021-30587
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page...
Important: kernel-livepatch-4.14.238-182.421
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.238-182.421 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.238-182.421 or yum update --advisory ALAS2LIVEPATCH-2021-055 to update your system. New...
CVE-2021-21211
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Debian DSA-4883-1 : underscore - security update
It was discovered that missing input sanitising in the template function of the Underscore JavaScript library could result in the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
shescape command injection vulnerability
shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection . A command injection vulnerability exists in versions of shescape prior to 1.1.3, which can be exploited by an attacker to insert a...
Debian DSA-4852-1 : openvswitch - security update
Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
CVE-2020-16026
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2020-16025
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2020-6550
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-6521
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2020-6533
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-6513
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
CVE-2020-6500
Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...