8181 matches found
CVE-2020-16004
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2020-15983
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page...
UBUNTU-CVE-2020-16004
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
KLA11990 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in V8 can be exploited to potentiall...
Google Chrome post-release reuse vulnerability (CNVD-2020-60475)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability exists in the user interface in versions prior to Google Chrome 86.0.4240.183. A remote attacker can then exploit the vulnerabili...
PT-2020-4553 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome for Android versions prior to 86.0.4240.185 Description: The issue is related to a heap buffer overflow in the UI component of Google Chrome on Android. This could allow a remote attacker who has compromised the renderer process...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 10 security fixes, including: 1138911 High CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15 1139398 High CVE-2020-16005: Insufficient policy enforcement in...
SUSE-SU-2020:3091-1 Security update for MozillaThunderbird and mozilla-nspr
This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 new: MailExtensions: browser.tabs.sendMessage API added new: MailExtensions: messageDisplayScripts API added changed: Yahoo and AOL mail users using password authentication will be migrated ...
IBM Spectrum Scale Cross-Site Scripting Vulnerability (CNVD-2020-59701)
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...
CVE-2018-4390
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...
CVE-2018-4390
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
IBM Spectrum Scale Cross-Site Scripting Vulnerability (CNVD-2020-58213)
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...
Yandex Browser Information Disclosure Vulnerability
Yandex Browser is a desktop version of the web browser from the Russian company Yandex. Yandex Browser suffers from an information disclosure vulnerability that originates from a critical information vulnerability that is incorrectly displayed in the user interface UI on the address bar, which ca...
The vulnerability of the win32k component of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the win32k component of the Windows operating system exists due to errors in memory object handling. Exploiting this vulnerability can allow an attacker to increase their privileges...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...
CVE-2020-3581 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...
CVE-2020-3553 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD...