96 matches found
dictionary.cambridge.org XSS vulnerability
Vulnerable URL: http://dictionary.cambridge.org/us/spellcheck/english/?q=+ Details: Description| Value ---|--- Patched:| Yes, at 11.10.2015 Latest check for patch:| 11.10.2015 09:11 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...
Google Chrome Spellcheck API Man-in-the-Middle Attack Vulnerability
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the implementation of the Spellcheck API in versions of Google Chrome prior to 44.0.2403.89, which stems from the program failing to download the Hunspell directory using an HTTPS...
CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
UBUNTU-CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
Design/Logic Flaw
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
CVE-2015-1288
CVE-2015-1288 affects Google Chrome’s Spellcheck API: the Hunspell dictionary was downloaded without HTTPS, enabling potential MITM manipulation of spelling suggestions. Affected code path: downloading Hunspell dictionaries over plain HTTP. Impact, as stated, includes possible incorrect spelling ...
CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
CVE-2015-1288
Removed by vendor...
chromium-browser: insecure download of spellcheck dictionary in unspecified component
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
chromium: multiple issues
CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...
CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
Design/Logic Flaw
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
UBUNTU-CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
CVE-2015-1263
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...
CVE-2015-1263
The CVE-2015-1263 entry concerns Google Chrome and its Spellcheck API: the Hunspell dictionary download was not performed over HTTPS, enabling potential MITM manipulation of spelling suggestions. Connected records corroborate the same issue for CVE-2015-1288 (and related Debian security advisorie...
CVE-2015-1263
Removed by vendor...
FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)
Google Chrome Releases reports : 37 security fixes in this release, including : - 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. - 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. - 444927 High CVE-2015-1254: Cross-origin bypass in Editing...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...