
5111 matches found

ATTACKERKB
added 2022/02/12 12:15 a.m., 5 views

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

CVSS 8.8, AI score 7.8, EPSS 0.00918
Exploits: 1, References: 9

OSV
added 2022/02/12 12:15 a.m., 5 views

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

CVSS 8.8, AI score 9.7
Exploits: 0, References: 5

Prion
added 2022/02/12 12:15 a.m., 21 views

Design/Logic Flaw

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

CVSS 6.8, AI score 9.2, EPSS 0.00918
Exploits: 1, References: 5, Affected Software: 2

UbuntuCve
added 2022/02/12 12:15 a.m., 20 views

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

CVSS 8.8, AI score 7.2, EPSS 0.00918
Exploits: 1, References: 1

OSV
added 2022/02/12 12:15 a.m., 1 views

UBUNTU-CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

CVSS 8.8, AI score 7.3, EPSS 0.00918
Exploits: 1, References: 2

CVE
added 2022/02/11 11:35 p.m., 113 views

CVE-2022-0098

CVE-2022-0098 involves a use-after-free in Chrome OS Screen Capture. The vulnerability can allow heap corruption when a user is convinced to perform specific gestures, potentially enabling arbitrary code execution. Affected software is Google Chrome/Chromium with the Screen Capture component prio...

CVSS 8.8, AI score 9.2, EPSS 0.00918
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2022/02/11 11:35 p.m., 18 views

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

AI score 9.5, EPSS 0.00918
Exploits: 1, References: 5

Debian CVE
added 2022/02/11 11:35 p.m., 26 views

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...

CVSS 8.8, AI score 9.7, EPSS 0.00918
Exploits: 1

Github Security Blog
added 2022/02/09 12:0 a.m., 27 views

Capture-replay in Gitea

Gitea is a project to help users set up a self-hosted Git service. Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. This could allow a remote malicious user to execute arbitrary code...

CVSS 9.8, AI score 4.9, EPSS 0.02139
Exploits: 0, References: 9, Affected Software: 1

hivepro
added 2022/02/07 2:23 p.m., 21 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

AI score 0.1
Exploits: 0

Openbugbounty
added 2022/02/07 9:54 a.m., 17 views

100halatov.ru Cross Site Scripting vulnerability OBB-2359932

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Tenable Nessus
added 2022/02/07 12:0 a.m., 20 views

Siemens SICAM MMU, SICAM T, and SICAM SGU Authentication Bypass By Capture-Replay (CVE-2020-10045)

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. This plugin onl...

CVSS 8.8, AI score 7.8, EPSS 0.01066
Exploits: 0, References: 3

OSV
added 2022/02/04 2:15 a.m., 3 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

CVSS 7.5, AI score 5.8, EPSS 0.03798
Exploits: 1, References: 1

NVD
added 2022/02/04 2:15 a.m., 15 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

CVSS 7.5, EPSS 0.03798
Exploits: 1, References: 1

ATTACKERKB
added 2022/02/04 2:15 a.m., 2 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

CVSS 7.5, AI score 5.9, EPSS 0.03798
Exploits: 1, References: 2

Prion
added 2022/02/04 2:15 a.m., 15 views

Design/Logic Flaw

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

CVSS 5, AI score 7.7, EPSS 0.03798
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2022/02/04 1:33 a.m., 56 views

CVE-2021-45735

CVE-2021-45735 affects TOTOLINK X5000R, specifically v9.1.0u.6118_B20201102. The vulnerability results from the device using the HTTP protocol for admin interface authentication, enabling credential interception via packet capture and exposure of user credentials. Root cause: credential input is ...

CVSS 7.5, AI score 7.7, EPSS 0.03798
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2022/02/04 12:0 a.m., 4 views

TotoLink X5000R Authorization Issue Vulnerability

The TotoLink X5000R is a router from China's Gion Electronics TotoLink. The TOTOLINK X5000R v9.1.0u.6118B20201102 suffers from an authorization issue vulnerability that allows attackers to intercept user credentials via packet capture software...

CVSS 7.5, AI score 7.4, EPSS 0.03798
Exploits: 1, References: 2

Qualys Blog
added 2022/02/03 7:22 a.m., 38 views

Catching the RAT called Agent Tesla

For the last few years, the Qualys Research Team has been observing an infamous "Malware-as-a-service" RAT Remote Access Trojan called Agent Tesla. It first appeared in 2014, and since then many variants have been deployed. This malware uses multiple techniques for evading detection as well as...

AI score 0.1
Exploits: 0

Mageia
added 2022/02/02 9:29 p.m., 69 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...

CVSS 9.6, AI score 8.5, EPSS 0.85352
Exploits: 21, References: 3