Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

GHSA-cx3j-qqxj-9597: Critters Cross-site Scripting Vulnerability

### Impact Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) bug. ### Patches The bug has been fixed in `v0.0.20`. ### Workarounds Upgrading Critters version to `>0.0.20` is the easiest fix. This is a non breaking version upgrade so we recommend all users to use `v0.0.20`.

ghsa
Open in Source
#xss#vulnerability#google#git#chrome
CVE-2020-36138: Disallow striped and tiled tiffs except for DNG

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

CVE-2021-25856: Arbitrary file deletion vulnerability · Issue #1 · pcmt/superMicro-CMS

An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.

CVE-2020-24075: Kalium Changelog - Laborator

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

CVE-2020-24904: Security issue · Issue #84 · davesteele/gnome-gmail

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.

CVE-2020-25915: There is a store Stored XSS vulnerability in user management · Issue #675 · thinkcmf/thinkcmf

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

CVE-2020-36082: An arbitrary file upload vulnerability was found · Issue #7 · alexlang24/bloofoxCMS

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S. Department of Commerce's

Google’s “browse privately” is nothing more than a word play, lawyers say

Categories: News Categories: Privacy Tags: Google Tags: Chrome Tags: Incognito Tags: private mode Tags: fingerprinting Tags: cookies Tags: tracking Private browsing is not what users expect it to be (Read more...) The post Google’s “browse privately” is nothing more than a word play, lawyers say appeared first on Malwarebytes Labs.