Lucene search
K

116 matches found

Veracode
Veracode
added 2022/07/30 6:38 a.m.31 views

Authentication Bypass

firefox is vulnerable to authentication bypass. The vulnerability exists because preload cache bypasses subresource integrity when loading a script which allows an attacker to gain access to internal system and perform unwanted action...

4.3CVSS7.3AI score0.00196EPSS
Exploits0References3Affected Software3
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-5536-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.1AI score0.00748EPSS
Exploits0References2
OSV
OSV
added 2022/07/28 1:29 p.m.8 views

USN-5536-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information,...

9.8CVSS6.9AI score0.00748EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2022/07/28 1:29 p.m.73 views

USN-5536-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information,...

9.8CVSS7.7AI score0.00748EPSS
Exploits0
CNVD
CNVD
added 2022/07/28 12:0 a.m.118 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-17325)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...

6.7AI score0.00196EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2022/07/27 12:0 a.m.35 views

CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

4.3CVSS6.3AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2022/07/27 12:0 a.m.2 views

UBUNTU-CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/07/27 12:0 a.m.60 views

Mozilla Firefox < 103.0

The version of Firefox installed on the remote Windows host is prior to 103.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-28 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs...

9.8CVSS6.8AI score0.00748EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/07/27 12:0 a.m.23 views

Mozilla Firefox Security Advisory (MFSA2022-28) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2022-28. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

9.8CVSS6.7AI score0.00748EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.4 views

Mozilla Firefox 资源管理错误漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...

4.3CVSS8.4AI score0.00196EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/09/22 9:6 a.m.5 views

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

7.5CVSS7.3AI score0.0472EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/08/10 4:37 p.m.4 views

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

7.5CVSS7.3AI score0.0472EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/08/10 4:37 p.m.4 views

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

7.5CVSS7.3AI score0.0472EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/07/28 8:36 a.m.3 views

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service ReDoS. This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

7.5CVSS7.3AI score0.0472EPSS
Exploits1References4
OSV
OSV
added 2021/03/19 9:24 p.m.1 views

GHSA-VX3P-948G-6VHQ Regular Expression Denial of Service (ReDoS)

npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...

7.5CVSS6.8AI score0.0472EPSS
Exploits1References12
OSV
OSV
added 2021/03/12 10:15 p.m.3 views

ALPINE-CVE-2021-27290

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...

7.5CVSS6.9AI score0.0472EPSS
Exploits1References1
OSV
OSV
added 2021/03/12 10:15 p.m.1 views

DEBIAN-CVE-2021-27290

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...

7.5CVSS6.7AI score0.0472EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.0 views

ssri 安全漏洞

nlf ssri is nlf an open source application. Provides an acronym for Standard Subresource Integrity, a Node.js utility for parsing, manipulating, serializing, generating and validating Subresource Integrity hashes. A security vulnerability exists in ssri 5.2.2-8.0.0 that stems from the use of...

7.5CVSS7AI score0.0472EPSS
Exploits1References26
OSV
OSV
added 2020/11/16 3:15 p.m.7 views

CVE-2020-25209

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...

7.5CVSS7.1AI score0.02362EPSS
Exploits0References2
CNVD
CNVD
added 2020/10/26 12:0 a.m.1 views

webpack-subresource-integrity data forgery issue vulnerability

webpack-subresource-integrity is a personal developer's npm extension for website static file security. The library generates an encrypted hash code that can be used to verify that files fetched by the browser e.g. from a CDN are secure. A webpack plugin vulnerability exists in versions prior to...

5CVSS7.1AI score0.00517EPSS
Exploits0References1
Rows per page
Query Builder