153 matches found
GHSA-PXV2-MFQ7-VHP6 Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Jenkins Inedo BuildMaster Plugin Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions,...
Exposure of Sensitive Information in Jenkins Datadog plugin
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
GHSA-HF7W-F4H4-9XP8 Exposure of Sensitive Information in Jenkins Datadog plugin
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2022-28795
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...
Design/Logic Flaw
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...
CVE-2022-28795
CVE-2022-28795 affects Avira Password Manager Browser Extensions (Chrome, Edge, Opera, Firefox, Safari). A loophole could allow an attacker-supplied page to trigger the extension to autofill the password field, enabling access via JavaScript. The issue was fixed in extensions version 2.18.5 (Chro...
CVE-2022-28795
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...
Avira Password Manager Browser Extensions 安全漏洞
Avira Password Manager Browser Extensions is a password management software by Little Red Umbrella, which is designed for chrome and can also be used on edge browsers to ensure that users can manage their passwords on the web. A security vulnerability exists in Avira Password Manager Browser...
CVE-2022-0815
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed...
Microsoft Edge browser extensions are not retained in Citrix user profile
Microsoft EDGE browser extensions are not being saved to the users' Citrix Profile Management user store folder...
The vulnerability of Google Chrome browser extensions, which allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s browser extensions is caused by an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote location...
The best browsers for privacy and security
Unfortunately there is a low correlation factor between what most people find the best browsers and what are the best browsers when it comes to privacy and security. If you look at the market share of the most popular browsers, there is one browser that steals the crown without a lot of...
Raccoon Stealer Bundles Malware, Propagates Via SEO
Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target’s computer and new remote access features for dropping malware and scooping up files. The stealer-as-a-service platform, whose customers are typically rookie...
What is scareware?
Scareware is a type of rogue program which has been around for many years, arguably dating back to 1990. It can be installed without permission, or via deception and false promises. Scareware is primarily used to panic or worry someone into performing a task they otherwise wouldn’t have done. The...
How to Make Sure Your Browser Extensions Are Safe
As useful as all those add-ons can be, don't get complacent when it comes to making sure they're also secure...
The vulnerability of Google Chrome’s browser extensions allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Google Chrome’s browser extensions relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Is Your Browser Extension a Botnet Backdoor?
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development,...
Malware infected browser extensions stealing Chrome, Edge user data
By Waqas Avast noted that the malware is quite tricky and does not execute itself if the victim is a web developer as it will be easy for them to identify its malicious activities. This is a post from HackRead.com Read the original post: Malware infected browser extensions stealing Chrome, Edge...
Malicious Google Web Extensions Harvest Cryptowallet Secrets
Large campaigns that are spreading malicious browser extensions are abusing Google Ads and well-known cryptocurrency brands to draw in victims. Extensions can be installed to add widgets or other functionality to web browsers; they offer the ability to do everything from setting a special search...
Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
UPDATE Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do...