Filtered by CWE-346
Filtered by vendor Subscriptions
Total 304 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-3956 1 Google 1 Chrome 2024-11-21 N/A
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
CVE-2011-3072 1 Google 1 Chrome 2024-11-21 N/A
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
CVE-2011-3067 2 Apple, Google 3 Iphone Os, Safari, Chrome 2024-11-21 N/A
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
CVE-2011-3056 3 Apple, Google, Opensuse 4 Iphone Os, Safari, Chrome and 1 more 2024-11-21 N/A
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
CVE-2011-2856 1 Google 1 Chrome 2024-11-21 N/A
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2009-1185 8 Canonical, Debian, Fedoraproject and 5 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 N/A
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2005-0877 1 Thekelleys 1 Dnsmasq 2024-11-21 7.5 High
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.
CVE-2003-0981 1 Freescripts 1 Visitorbook Le 2024-11-21 6.1 Medium
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
CVE-2003-0174 1 Sgi 1 Irix 2024-11-21 9.8 Critical
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
CVE-2001-1452 1 Microsoft 2 Windows 2000, Windows Nt 2024-11-21 7.5 High
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
CVE-2000-1218 1 Microsoft 5 Windows 2000, Windows 98, Windows 98se and 2 more 2024-11-21 9.8 Critical
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
CVE-1999-1549 1 Lynx Project 1 Lynx 2024-11-21 7.8 High
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
CVE-2024-10534 2 Dataprom, Dataprom Informatics 3 Personnel Attendance Control Systems \/ Access Control Security Systems, Access Control Security Systems, Personnel Attendance Control Systems 2024-11-19 9.8 Critical
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024.
CVE-2024-51037 1 Kalcaddle 1 Kodbox 2024-11-18 5.3 Medium
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.
CVE-2024-6674 2 Lollms, Parisneo 2 Lollms Web Ui, Lollms-webui 2024-11-01 7.1 High
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information.
CVE-2024-10460 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2024-10-31 5.4 Medium
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-9393 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-10-30 7.5 High
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-7978 1 Google 1 Chrome 2024-10-29 4.3 Medium
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-44734 1 Mirotalk 1 Mirotalk P2p 2024-10-16 7.5 High
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVE-2024-9392 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-10-04 9.8 Critical
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.