News aggregator

CVE-2018-6087

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Categories: Security News

CVE-2018-6088

National Vulnerability Database - Tue, 12/04/2018 - 12:29
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

CVE-2018-6089

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

CVE-2018-6090

National Vulnerability Database - Tue, 12/04/2018 - 12:29
An integer overflow that led to a heap buffer overflow in Skia in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6092

National Vulnerability Database - Tue, 12/04/2018 - 12:29
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6094

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6095

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to read local files via a crafted HTML page.

CVE-2018-6098

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6099

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

CVE-2018-6101

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.

CVE-2018-6102

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2018-6103

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to bypass permission policy via a crafted HTML page.

CVE-2018-6104

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6105

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6107

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6108

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.

CVE-2018-6115

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.

CVE-2018-6116

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page.

CVE-2018-11347

National Vulnerability Database - Tue, 12/04/2018 - 12:29
The YunoHost 2.7.2 through 2.7.14 web application is affected by an HTTP response header injection vulnerability. This flaw allows an attacker to inject one or several HTTP headers into the response from the server. It requires interaction with the user, who must be sent the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning.

CVE-2018-11348

National Vulnerability Database - Tue, 12/04/2018 - 12:29
Two XSS vulnerabilities are located in the profile editing page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, an attacker could use these flaws to manipulate a user's session.