#chrome

A week in security (August 7 - August 13)

Categories: News Tags: Zoom Tags: YouTube Tags: Chrome Tags: TikTok Tags: ransomware Tags: Cloudflare Tags: robocallers Tags: security advisor A list of topics we covered in the week of August 7 to August 13 of 2023 (Read more...) The post A week in security (August 7 - August 13) appeared first on Malwarebytes Labs.

2 years ago

Malwarebytes

Open in Source

#ios #android #mac #windows #chrome

GHSA-cx3j-qqxj-9597: Critters Cross-site Scripting Vulnerability

### Impact Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) bug. ### Patches The bug has been fixed in `v0.0.20`. ### Workarounds Upgrading Critters version to `>0.0.20` is the easiest fix. This is a non breaking version upgrade so we recommend all users to use `v0.0.20`.

2 years ago

ghsa

Open in Source

#xss #vulnerability #google #git #chrome

CVE-2020-27449: Release Notes - ManageEngine Password Manager Pro

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

CVE-2020-24075: Kalium Changelog - Laborator

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

2 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #ios #android #windows #apple #google #microsoft #js #git #java #wordpress #intel #php #perl #auth #chrome #firefox #sap #ssl

CVE-2020-24904: Security issue · Issue #84 · davesteele/gnome-gmail

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.

2 years ago

CVE

Open in Source

#web #ubuntu #asus #ibm #chrome

CVE-2020-25915: There is a store Stored XSS vulnerability in user management · Issue #675 · thinkcmf/thinkcmf

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #windows #apple #js #java #php #chrome #webkit

CVE-2020-36082: An arbitrary file upload vulnerability was found · Issue #7 · alexlang24/bloofoxCMS

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

2 years ago

CVE

Open in Source

#vulnerability #web #windows #apple #js #java #php #nginx #auth #chrome #webkit

CVE-2020-36138: Disallow striped and tiled tiffs except for DNG

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

2 years ago

CVE

Open in Source

#dos #git #auth #chrome

CVE-2021-25856: Arbitrary file deletion vulnerability · Issue #1 · pcmt/superMicro-CMS

An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.

2 years ago

CVE

Open in Source

#vulnerability #git #php #chrome

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S. Department of Commerce's

2 years ago

The Hacker News

Open in Source

#web #google #amazon #aws #ibm #zero_day #chrome #ssl #The Hacker News