chrome

CVE-2020-28041: GitHub - samyk/slipstream: NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's n

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.

4 years ago

CVE

Open in Source

#web #mac #apple #google #linux #js #git #java #intel #perl #samba #auth #ssh #chrome #webkit #firefox #ssl

CVE-2020-24303: grafana/CHANGELOG.md at main · grafana/grafana

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

CVE-2019-11556: Changelog — pagure documentation

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

4 years ago

CVE

Open in Source

#sql #xss #csrf #web #mac #google #apache #redis #js #git #java #perl #nginx #auth #ssh #rpm #postgres #docker #chrome #ssl

CVE-2020-6574: Stable Channel Update for Desktop

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

4 years ago

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4 years ago

CVE

Open in Source

#windows #google #chrome

CVE-2020-6560: Stable Channel Update for Desktop

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4 years ago

CVE

Open in Source

#google #chrome

CVE-2020-16602: Razer Chroma SDK: Main Page

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.

4 years ago

CVE

Open in Source

#chrome

CVE-2020-15020: Elementor Website Builder – More than Just a Page Builder

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

4 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #ios #android #mac #windows #apple #google #js #git #wordpress #php #perl #acer #auth #chrome #webkit #firefox #sap #ssl

CVE-2020-14356: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24368: icingaweb2/CHANGELOG.md at master · Icinga/icingaweb2

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

4 years ago

CVE

Open in Source

#sql #vulnerability #web #mac #windows #microsoft #ubuntu #linux #debian #apache #js #git #java #oracle #php #rce #perl #ldap #pdf #auth #ssh #rpm #postgres #chrome #firefox #sap #ssl

Tag

#chrome