Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation

Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary Summary: Performing an NTLM authentication to the same machine results in a network...

[SECURITY] Fedora 29 Update: krb5-1.16.1-24.fc29

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...

Security update for Chromium (important)

This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed boo1118529: - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Us...

KLA11734 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use after free...

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

Authentication flaw

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

CVE-2018-18353

This CVE refers to Google Chrome/Chromium’s Network Authentication component, where failure to dismiss HTTP auth dialogs on navigation could let a remote attacker confuse the user about the origin of an auto dialog. Connected advisories indicate the issue affects Chromium/Chrome builds before ver...

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

chromium-browser: Inappropriate implementation in Network Authentication

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

Debian DSA-4352-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library. - CVE-2018-18335 A buffer overflow issu...

[SECURITY] [DSA 4352-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4352-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 07, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4352-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4352-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 07, 2018 https://www.debian.org/security/faq -...

Google Chrome Network Authentication Elevation of Privilege Vulnerability

Google Chrome is a web browser developed by Google, Inc.Network Authentication is one of the network authentication components. A security vulnerability exists in Network Authentication in versions of Google Chrome prior to 71.0.3578.80. A remote attacker can exploit this vulnerability to gain...

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

krb5, libkadm5 security update

CentOS Errata and Security Advisory CESA-2018:3071 An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities

Multiple vulnerabilities in the firmware used by the Yi Technology Home Camera version 27US have been found, which could allow remote code-execution on the connected devices. The Yi Home Camera i27US is one of the newer IoT camera models sold in the U.S. It’s an entry-level gadget, which lets...

Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera

Vulnerabilities Discovered by Lilith xx of Cisco Talos. Overview Cisco Talos is disclosing multiple vulnerabilities in the firmware of the Yi Technology Home Camera. In order to prevent the exploitation of these vulnerabilities, Talos worked with Yi Technology to make sure a newer version of the...