Lucene search
+L

129 matches found

ptsecurity
ptsecurity
added 2023/08/08 12:0 a.m.5 views

PT-2023-27003 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: SES versions 0.13.0 through 0.13.4 SES versions 0.14.0 through 0.14.4 SES versions 0.15.0 through 0.15.23 SES versions 0.16.0 through 0.16.0 SES versions 0.17.0 through 0.17.0 SES versions 0.18.0 through 0.18.6 Description: There is a hole in...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References15
susecve
susecve
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0160

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibl...

10CVSS8AI score0.06006EPSS
Exploits0References6
susecve
susecve
added 2023/02/15 4:46 a.m.5 views

SUSE CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not...

5.3CVSS8.1AI score0.02989EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 4:32 a.m.4 views

SUSE CVE-2018-5092

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...

9.8CVSS8.8AI score0.0184EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 3:59 a.m.2 views

SUSE CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...

8.8CVSS8.8AI score0.01403EPSS
Exploits0References10
redhat
redhat
added 2023/01/25 3:30 p.m.10 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
redhat
redhat
added 2023/01/23 10:3 a.m.8 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
osv
osv
added 2023/01/20 4:56 p.m.51 views

GHSA-MC52-JPM2-CQH6 Deno is vulnerable to race condition via interactive permission prompt spoofing

Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...

8.8CVSS7.2AI score0.00601EPSS
Exploits1References4
nvd
nvd
added 2023/01/17 9:15 p.m.44 views

CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.4AI score0.00601EPSS
Exploits1References2
prion
prion
added 2023/01/17 9:15 p.m.20 views

Code injection

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

5.1CVSS7.4AI score0.00601EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2023/01/17 8:23 p.m.11 views

CVE-2023-22499 Interactive permission prompt spoofing in Deno

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.6AI score0.00601EPSS
Exploits1References2
cvelist
cvelist
added 2023/01/17 8:23 p.m.26 views

CVE-2023-22499 Interactive permission prompt spoofing in Deno

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.6AI score0.00601EPSS
Exploits1References2
osv
osv
added 2023/01/17 8:23 p.m.26 views

CVE-2023-22499 Interactive permission prompt spoofing in Deno

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.3AI score0.00601EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/01/17 12:0 a.m.6 views

PT-2023-1315 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.29.3 Description: The issue is related to errors in synchronization when using a shared resource in Deno, a runtime for JavaScript and TypeScript. This could allow a remote attacker to execute arbitrary code...

10CVSS7.5AI score0.00601EPSS
Exploits1References9
mageia
mageia
added 2022/02/12 5:31 p.m.44 views

Updated firefox packages fix security vulnerability

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions CVE-2022-22754. If a user was convinced to drag and drop an image to their desktop or other folder,...

9.6CVSS0.3AI score0.00926EPSS
Exploits1References3
openvas
openvas
added 2022/01/28 12:0 a.m.16 views

Mageia: Security Advisory (MGASA-2017-0448)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02989EPSS
Exploits1References4
osv
osv
added 2020/08/10 6:15 p.m.1 views

DEBIAN-CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

6.5CVSS7.1AI score0.01263EPSS
Exploits0References1
redhat
redhat
added 2020/08/06 7:16 a.m.6 views

Mozilla: Potential leak of redirect targets when loading scripts in a worker

The Mozilla Foundation Security Advisory describes this flaw as: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script...

6.5CVSS6.9AI score0.01263EPSS
Exploits0References5
redhat
redhat
added 2020/07/29 10:47 p.m.5 views

Mozilla: Potential leak of redirect targets when loading scripts in a worker

The Mozilla Foundation Security Advisory describes this flaw as: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script...

6.5CVSS6.8AI score0.01263EPSS
Exploits0References5
nvd
nvd
added 2020/05/26 6:15 p.m.25 views

CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...

8.1CVSS8.5AI score0.01403EPSS
Exploits0References7
Rows per page
Query Builder