97 matches found
EUVD-2011-3340
Malware in sbrugna...
EUVD-2023-32447
Malicious code in bioql PyPI...
OpenText Advanced Authentication Security Vulnerability
OpenText Advanced Authentication is an advanced authentication framework from OpenText Canada. A security vulnerability exists in OpenText Advanced Authentication version 6.5.0 and earlier, which originates from a malicious browser plug-in that can record and replay the user authentication proces...
DSIC Cross-browser Components for Official Document Creation Security Vulnerability
DSIC Cross-browser Components for Official Document Creation is a browser plug-in from Dewei DSIC Corporation of Taiwan, China. A security vulnerability exists in DSIC Cross-browser Components for Official Document Creation that originates from remote code execution and could lead to the download...
CVE-2023-28812
A buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in...
Hikvision Web Browser Plug-in LocalServiceComponents Security Vulnerability
Hikvision Web Browser Plug-in LocalServiceComponents is a web browser plug-in from Hikvision, a Chinese company. A security vulnerability exists in Hikvision Web Browser Plug-in LocalServiceComponents, which stems from a buffer overflow vulnerability that could allow an attacker to send a crafted...
Chrome users, here’s how to opt out of the Google FLoC trial
Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology—called FLoC—which is designed to respect people's privacy more, as a detriment to user...
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victims' PCs. The attacks use stolen digital...
Sandbox Protection Bypass
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Denial Of Service (DoS)
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Denial Of Service (DoS)
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was foun...
Critical: Red Hat Security Advisory: flash-plugin security update
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Critical: Red Hat Security Advisory: flash-plugin security update
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:2998)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
GLSA-201707-01 : IcedTea: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201707-01 IcedTea: Multiple vulnerabilities Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details. Note: If the web browser plug-in provided by the...
Cisco WebEx vulnerability: arbitrary remote code execution in a browser plug-in - vulnerability warning - the black bar safety net
The Cisco WebEx extension (jlhmfgmfgeifomenelglieieghnjghma) has about 2,000 million active users, and it is also an important part of the Cisco WebEx video conferencing system. The extension is adapted to contain a magic pattern “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html”; any URL can be...
RHEL 5 / 6 : flash-plugin (RHSA-2016:1423)
An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a...