Lucene search
+L

153 matches found

OSV
OSV
added 2022/05/24 4:56 p.m.17 views

GHSA-PXV2-MFQ7-VHP6 Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form

Jenkins Inedo BuildMaster Plugin Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions,...

3.1CVSS7.3AI score0.00947EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 12:33 a.m.23 views

Exposure of Sensitive Information in Jenkins Datadog plugin

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

4.3CVSS1.1AI score0.01038EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 12:33 a.m.35 views

GHSA-HF7W-F4H4-9XP8 Exposure of Sensitive Information in Jenkins Datadog plugin

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...

3.1CVSS3.5AI score0.01038EPSS
Exploits0References3
NVD
NVD
added 2022/04/12 5:15 p.m.15 views

CVE-2022-28795

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

6.5CVSS0.00983EPSS
Exploits0References1
Prion
Prion
added 2022/04/12 5:15 p.m.29 views

Design/Logic Flaw

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

4.3CVSS6.3AI score0.00983EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/12 4:11 p.m.73 views

CVE-2022-28795

CVE-2022-28795 affects Avira Password Manager Browser Extensions (Chrome, Edge, Opera, Firefox, Safari). A loophole could allow an attacker-supplied page to trigger the extension to autofill the password field, enabling access via JavaScript. The issue was fixed in extensions version 2.18.5 (Chro...

6.5CVSS6.3AI score0.00983EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/12 4:11 p.m.22 views

CVE-2022-28795

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

6.6AI score0.00983EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.8 views

Avira Password Manager Browser Extensions 安全漏洞

Avira Password Manager Browser Extensions is a password management software by Little Red Umbrella, which is designed for chrome and can also be used on edge browsers to ensure that users can manage their passwords on the web. A security vulnerability exists in Avira Password Manager Browser...

6.5CVSS6.5AI score0.00983EPSS
Exploits0References2
NVD
NVD
added 2022/03/10 11:15 p.m.34 views

CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed...

7.5CVSS0.00982EPSS
Exploits0References1
Citrix
Citrix
added 2022/01/06 12:0 a.m.15 views

Microsoft Edge browser extensions are not retained in Citrix user profile

Microsoft EDGE browser extensions are not being saved to the users' Citrix Profile Management user store folder...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.9 views

The vulnerability of Google Chrome browser extensions, which allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s browser extensions is caused by an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote location...

10CVSS8.3AI score0.01052EPSS
Exploits0References12Affected Software7
Malwarebytes
Malwarebytes
added 2021/08/25 5:6 p.m.44 views

The best browsers for privacy and security

Unfortunately there is a low correlation factor between what most people find the best browsers and what are the best browsers when it comes to privacy and security. If you look at the market share of the most popular browsers, there is one browser that steals the crown without a lot of...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/08/03 3:28 p.m.176 views

Raccoon Stealer Bundles Malware, Propagates Via SEO

Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target’s computer and new remote access features for dropping malware and scooping up files. The stealer-as-a-service platform, whose customers are typically rookie...

7.8AI score
Exploits0References5
Malwarebytes
Malwarebytes
added 2021/07/16 9:44 a.m.217 views

What is scareware?

Scareware is a type of rogue program which has been around for many years, arguably dating back to 1990. It can be installed without permission, or via deception and false promises. Scareware is primarily used to panic or worry someone into performing a task they otherwise wouldn’t have done. The...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2021/06/27 11:0 a.m.53 views

How to Make Sure Your Browser Extensions Are Safe

As useful as all those add-ons can be, don't get complacent when it comes to making sure they're also secure...

1.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/04/27 12:0 a.m.10 views

The vulnerability of Google Chrome’s browser extensions allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Google Chrome’s browser extensions relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.3CVSS7.6AI score0.01022EPSS
Exploits0References11Affected Software6
Krebs on Security
Krebs on Security
added 2021/03/01 5:22 p.m.194 views

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development,...

7.2AI score
Exploits0
HackRead
HackRead
added 2020/12/17 7:33 p.m.34 views

Malware infected browser extensions stealing Chrome, Edge user data

By Waqas Avast noted that the malware is quite tricky and does not execute itself if the victim is a web developer as it will be easy for them to identify its malicious activities. This is a post from HackRead.com Read the original post: Malware infected browser extensions stealing Chrome, Edge...

3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/04/15 9:10 p.m.90 views

Malicious Google Web Extensions Harvest Cryptowallet Secrets

Large campaigns that are spreading malicious browser extensions are abusing Google Ads and well-known cryptocurrency brands to draw in victims. Extensions can be installed to add widgets or other functionality to web browsers; they offer the ability to do everything from setting a special search...

6.8AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/01/27 9:26 p.m.20989 views

Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox

UPDATE Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do...

0.26869EPSS
Exploits0References15
Rows per page
Query Builder