Filtered by vendor
Subscriptions
Total
304 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-3956 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. | ||||
CVE-2011-3072 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows. | ||||
CVE-2011-3067 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2024-11-21 | N/A |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | ||||
CVE-2011-3056 | 3 Apple, Google, Opensuse | 4 Iphone Os, Safari, Chrome and 1 more | 2024-11-21 | N/A |
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | ||||
CVE-2011-2856 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
CVE-2009-1185 | 8 Canonical, Debian, Fedoraproject and 5 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | N/A |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | ||||
CVE-2005-0877 | 1 Thekelleys | 1 Dnsmasq | 2024-11-21 | 7.5 High |
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | ||||
CVE-2003-0981 | 1 Freescripts | 1 Visitorbook Le | 2024-11-21 | 6.1 Medium |
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks. | ||||
CVE-2003-0174 | 1 Sgi | 1 Irix | 2024-11-21 | 9.8 Critical |
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password. | ||||
CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-21 | 7.5 High |
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||||
CVE-2000-1218 | 1 Microsoft | 5 Windows 2000, Windows 98, Windows 98se and 2 more | 2024-11-21 | 9.8 Critical |
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | ||||
CVE-1999-1549 | 1 Lynx Project | 1 Lynx | 2024-11-21 | 7.8 High |
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | ||||
CVE-2024-10534 | 2 Dataprom, Dataprom Informatics | 3 Personnel Attendance Control Systems \/ Access Control Security Systems, Access Control Security Systems, Personnel Attendance Control Systems | 2024-11-19 | 9.8 Critical |
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. | ||||
CVE-2024-51037 | 1 Kalcaddle | 1 Kodbox | 2024-11-18 | 5.3 Medium |
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function. | ||||
CVE-2024-6674 | 2 Lollms, Parisneo | 2 Lollms Web Ui, Lollms-webui | 2024-11-01 | 7.1 High |
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information. | ||||
CVE-2024-10460 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2024-10-31 | 5.4 Medium |
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
CVE-2024-9393 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-10-30 | 7.5 High |
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | ||||
CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | 4.3 Medium |
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-44734 | 1 Mirotalk | 1 Mirotalk P2p | 2024-10-16 | 7.5 High |
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | ||||
CVE-2024-9392 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-10-04 | 9.8 Critical |
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. |