Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying vulnerability details 1 - 10 of 63778 in total

SUSE Linux Security Vulnerability: CVE-2015-3216 Vulnerability

  • Severity: 4
  • Published: June 28, 2015

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

SUSE Linux Security Vulnerability: CVE-2015-1268 Vulnerability

  • Severity: 5
  • Published: June 25, 2015

bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.

SUSE Linux Security Vulnerability: CVE-2015-1267 Vulnerability

  • Severity: 5
  • Published: June 25, 2015

Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFi...

SUSE Linux Security Vulnerability: CVE-2015-0848 Vulnerability

  • Severity: 4
  • Published: June 25, 2015

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Google Chrome Vulnerability: CVE-2015-1268 Vulnerability

  • Severity: 5
  • Published: June 25, 2015

bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.

Google Chrome Vulnerability: CVE-2015-1266 Vulnerability

  • Severity: 5
  • Published: June 25, 2015

content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when ther...

Google Chrome Vulnerability: CVE-2015-1267 Vulnerability

  • Severity: 5
  • Published: June 25, 2015

Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFi...

Google Chrome Vulnerability: CVE-2015-1269 Vulnerability

  • Severity: 4
  • Published: June 25, 2015

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (...

SUSE Linux Security Vulnerability: CVE-2015-4588 Vulnerability

  • Severity: 4
  • Published: June 25, 2015

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

SUSE Linux Security Vulnerability: CVE-2015-1269 Vulnerability

  • Severity: 4
  • Published: June 25, 2015

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (...