50 matches found
USN-4134-2 ibus regression
USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls o...
USN-4134-1 ibus vulnerability
Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user...
Oil and Gas Firms Targeted By New LYCEUM Threat Group
Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails. The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments ...
Synaptics Keyboard Driver Unprotected Debug Mode - us
Synaptics Keyboard Driver Unprotected Debug Mode Lenovo Security Advisory: LEN-18507 Potential Impact: Loss of confidentiality local to system Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17556 Summary Description: A researcher discovered a vulnerability in Synaptics...
FormBook—Cheap Password Stealing Malware Used In Targeted Attacks
It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsor...
UBUNTU-CVE-2016-3100
kinit in KDE Frameworks before 5.23.0 uses weak permissions 644 for /tmp/xauth-xxx-y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file...
CVE-2016-2856
ptchown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10...
CVE-2016-2856
CVE-2016-2856 affects glibc//pt_chown and related packages across Debian/Ubuntu releases. Root cause: pt_chown lacks a namespace check for file-descriptor passing, enabling a local attacker to capture keystrokes, spoof data, and potentially gain privileges via pts read/write. Affected: Debian jes...
UBUNTU-CVE-2016-2856
ptchown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10...
UBUNTU-CVE-2011-5319
content/renderer/devicesensors/devicemotioneventpump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a differe...
Adobe Flash Player Multiple Vulnerabilities-01 (Jan 2015) - Linux
Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...
Ubuntu Update for xorg-server USN-1803-1
Check for the Version of xorg-server OpenVAS Vulnerability Test $Id: gbubuntuUSN18031.nasl 8448 2018-01-17 16:18:06Z teissa $ Ubuntu Update for xorg-server USN-1803-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page...
CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page...
CVE-2011-3663
CVE-2011-3663 affects Mozilla Firefox 4.x–8.0, Thunderbird 5.0–8.0, and SeaMonkey before 2.6. It allows remote attackers to capture keystrokes entered on a web page via SVG animation accessKey events, even when JavaScript is disabled. The description in the provided documents states the affected ...
CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page...
New Research Shows Possibility of Using an iPhone as a Keylogger
Researchers from MIT and Georgia Tech have developed a new technique that enables them to use the accelerometer in an iPhone or other smartphone to capture keystrokes from a nearby PC and decipher the typed words with about 80 percent accuracy. The tactic, while quite complicated, could be used t...
Windows Capture Keystroke Recorder
This module can be used to capture keystrokes. To capture keystrokes when the session is running as SYSTEM, the MIGRATE option must be enabled and the CAPTURETYPE option should be set to one of Explorer, Winlogon, or a specific PID. To capture the keystrokes of the interactive user, the Explorer...
Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities (USN-930-1)
If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.0...
Mozilla Products Multiple Vulnerabilities Mar-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsmultvulnmar10win.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities Mar-10 Windows Authors: Antu Sanadi...