Lucene search
K

96 matches found

Openbugbounty
Openbugbounty
added 2015/09/22 10:41 a.m.13 views

dictionary.cambridge.org XSS vulnerability

Vulnerable URL: http://dictionary.cambridge.org/us/spellcheck/english/?q=+ Details: Description| Value ---|--- Patched:| Yes, at 11.10.2015 Latest check for patch:| 11.10.2015 09:11 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

6.3AI score
Exploits0
CNVD
CNVD
added 2015/07/24 12:0 a.m.4 views

Google Chrome Spellcheck API Man-in-the-Middle Attack Vulnerability

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the implementation of the Spellcheck API in versions of Google Chrome prior to 44.0.2403.89, which stems from the program failing to download the Hunspell directory using an HTTPS...

6.8CVSS8.8AI score0.01079EPSS
Exploits0References1
NVD
NVD
added 2015/07/23 12:59 a.m.22 views

CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

6.8CVSS9.7AI score0.01079EPSS
Exploits0References9
OSV
OSV
added 2015/07/23 12:59 a.m.4 views

UBUNTU-CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

6.8CVSS7.3AI score0.01079EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/07/23 12:59 a.m.34 views

CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

6.8CVSS7.2AI score0.01079EPSS
Exploits0References2
Prion
Prion
added 2015/07/23 12:59 a.m.23 views

Design/Logic Flaw

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

6.8CVSS7AI score0.01079EPSS
Exploits0References9Affected Software7
CVE
CVE
added 2015/07/23 12:0 a.m.88 views

CVE-2015-1288

CVE-2015-1288 affects Google Chrome’s Spellcheck API: the Hunspell dictionary was downloaded without HTTPS, enabling potential MITM manipulation of spelling suggestions. Affected code path: downloading Hunspell dictionaries over plain HTTP. Impact, as stated, includes possible incorrect spelling ...

6.8CVSS9.5AI score0.01079EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2015/07/23 12:0 a.m.26 views

CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

9.7AI score0.01079EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2015/07/23 12:0 a.m.42 views

CVE-2015-1288

Removed by vendor...

6.8CVSS9.5AI score0.01079EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/05/25 3:25 a.m.6 views

chromium-browser: insecure download of spellcheck dictionary in unspecified component

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

4.3CVSS7.5AI score0.00989EPSS
Exploits0References5
ArchLinux
ArchLinux
added 2015/05/21 12:0 a.m.46 views

chromium: multiple issues

CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...

7.5CVSS5.3AI score0.07855EPSS
Exploits4References14
NVD
NVD
added 2015/05/20 10:59 a.m.16 views

CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

4.3CVSS9.5AI score0.00989EPSS
Exploits0References9
Prion
Prion
added 2015/05/20 10:59 a.m.21 views

Design/Logic Flaw

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

4.3CVSS6.9AI score0.00989EPSS
Exploits0References9Affected Software2
UbuntuCve
UbuntuCve
added 2015/05/20 10:59 a.m.35 views

CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

4.3CVSS7.2AI score0.00989EPSS
Exploits0References4
OSV
OSV
added 2015/05/20 10:59 a.m.5 views

UBUNTU-CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

4.3CVSS7.3AI score0.00989EPSS
Exploits0References5
Cvelist
Cvelist
added 2015/05/20 10:0 a.m.28 views

CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

9.5AI score0.00989EPSS
Exploits0References9
CVE
CVE
added 2015/05/20 10:0 a.m.94 views

CVE-2015-1263

The CVE-2015-1263 entry concerns Google Chrome and its Spellcheck API: the Hunspell dictionary download was not performed over HTTPS, enabling potential MITM manipulation of spelling suggestions. Connected records corroborate the same issue for CVE-2015-1288 (and related Debian security advisorie...

4.3CVSS9.3AI score0.00989EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2015/05/20 10:0 a.m.42 views

CVE-2015-1263

Removed by vendor...

4.3CVSS9.4AI score0.00989EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/05/20 12:0 a.m.29 views

FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)

Google Chrome Releases reports : 37 security fixes in this release, including : - 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. - 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. - 444927 High CVE-2015-1254: Cross-origin bypass in Editing...

7.5CVSS7.9AI score0.07855EPSS
Exploits4References17
FreeBSD
FreeBSD
added 2015/05/19 12:0 a.m.33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 37 security fixes in this release, including: 474029 High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. 464552 High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. 444927 High CVE-2015-1254: Cross-origin bypass in Editing. Credit to...

7.5CVSS9.5AI score0.07855EPSS
Exploits4References1
Rows per page
Query Builder