15 matches found
EUVD-2015-1427
Malware in sbrugna...
EUVD-2015-1422
Malware in sbrugna...
EUVD-2022-5939
Malicious code in bioql PyPI...
SUSE CVE-2015-1286
Cross-site scripting XSS vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8contextnativehandler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context...
Code Injection in metacalc
The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...
PT-2022-14865
Name of the Vulnerable Software and Affected Versions metacalc versions prior to 0.0.2 Description The issue allows for Arbitrary Code Execution when the Math class is exposed to the v8 context, enabling access to JavaScript's Function constructor. This exposure to user-land can be exploited...
Chrome Universal XSS via the unload_event module (CVE-2015-6769)
VULNERABILITY DETAILS From /WebKit/Source/core/loader/DocumentLoader.cpp: PassRefPtrWillBeRawPtr DocumentLoader::createWriterForconst Document ownerDocument, const DocumentInit& init, ... LocalFrame frame = init.frame; ASSERT!frame-document || !frame-document-isActive; ASSERTframe-tree.childCount...
chromium-browser: UXSS in blink.
Cross-site scripting XSS vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8contextnativehandler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context...
chromium-browser: CSP bypass in unspecified component
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy CSP restrictions by providing an image from an unintended source...
CVE-2015-1281
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy CSP restrictions by providing an image from an unintended source...
CVE-2015-1286
Cross-site scripting XSS vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8contextnativehandler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context...
Cross site scripting
Cross-site scripting XSS vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8contextnativehandler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context...
Design/Logic Flaw
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy CSP restrictions by providing an image from an unintended source...
CVE-2015-1286
Cross-site scripting XSS vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8contextnativehandler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context...
CVE-2015-1281
CVE-2015-1281 is documented in multiple connected sources as a CSP bypass in Blink (core/loader/ImageLoader.cpp) used by Google Chrome/Chromium prior to 44.0.2403.89. The root cause is a failure to correctly determine the V8 context of a microtask, enabling remote CSP restrictions bypass via an i...