Lucene search

2563 matches found

Malwarebytes
added 2022/03/10 12:46 p.m., 23 views

Brave browser goes the extra mile to block third party cookies

Brave is testing a new feature to stop bounce tracking, a sneaky method that websites use to load third-party tracking cookies so they can gather more information about who is visiting their site. The Brave browser As you may remember from our post about the best browsers for privacy and security...

AI score 0.5
Exploits 0
CNNVD
added 2022/03/10 12:0 a.m., 2 views

Linux race condition vulnerability

Linux is an open source operating system from the Linux Foundation in the United States. A security vulnerability exists in Linux PV devices that stems from a competitive condition and the lack of return code testing in Linux, where a malicious backend of a PV device front-end driver can access...

CVSS 7, AI score 6.7, EPSS 0.00354
Exploits 0, References 12
CNNVD
added 2022/03/10 12:0 a.m., 2 views

Linux race condition vulnerability

Linux is an open source operating system from the Linux Foundation in the United States. A security vulnerability exists in Linux PV devices that stems from a competitive condition and the lack of return code testing in Linux, where a malicious backend of a PV device front-end driver can access...

CVSS 7, AI score 6.7, EPSS 0.00337
Exploits 0, References 12
OPENSUSE Linux
added 2022/03/04 12:0 a.m., 63 views

Security update for nodejs8 (important)

openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-22022:20000-2 Rating: important References: 1038980 1191962 1191963 1192153 1192154 1192696 Cross-References: CVE-2017-8923 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores:...

CVSS 8.1, AI score 9.3, EPSS 0.15014
Exploits 5, References 6
ThreatPost
added 2022/03/02 10:50 p.m., 456 views

TeaBot Trojan Haunts Google Play Store, Again

The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps,...

AI score 8.5
Exploits 0, References 11
NVD
added 2022/03/01 3:15 p.m., 25 views

CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

CVSS 6.1, EPSS 0.21028
Exploits 4, References 4
Prion
added 2022/03/01 3:15 p.m., 18 views

Cross site scripting

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

CVSS 4.3, AI score 6.4, EPSS 0.21028
Exploits 4, References 4
Cvelist
added 2022/03/01 2:4 p.m., 19 views

CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

AI score 6.6, EPSS 0.21028
Exploits 4, References 4
Patchstack
added 2022/02/28 12:0 a.m., 6 views

WordPress All in One Invite Codes plugin <= 1.0.12 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress All in One Invite Codes plugin (versions <= 1.0.12). Solution: Update the WordPress All in One Invite Codes plugin to the latest available version (at least 1.0.13)...

AI score 2.5
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 6 views

WordPress CodeKit – Custom Codes Editor plugin <= 2.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress CodeKit – Custom Codes Editor plugin (versions <= 2.2.9). Solution: Update the WordPress CodeKit – Custom Codes Editor plugin to the latest available version (at least 2.3)...

AI score 3.7
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 27 views

WordPress CodeKit – Custom Codes Editor plugin <= 2.2.9 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress CodeKit – Custom Codes Editor plugin (versions <= 2.2.9). Solution: Update the WordPress CodeKit – Custom Codes Editor plugin to the latest available version (at least 2.3)...

AI score 2.8
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 12 views

WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin (versions <= 1.0.2). Solution: Update the WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin to the latest available versio...

AI score 2.8
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 9 views

WordPress All in One Invite Codes plugin <= 1.0.12 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress All in One Invite Codes plugin (versions <= 1.0.12). Solution: Update the WordPress All in One Invite Codes plugin to the latest available version (at least 1.0.13)...

AI score 4.1
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 11 views

WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin (versions <= 1.0.2). Solution: Update the WordPress Pixel & tracking codes for Google Web stories (formerly AMP Stories) plugin to th...

AI score 4.1
Exploits 0, References 2, Affected Software 1
Schneier on Security
added 2022/02/21 12:31 p.m., 16 views

Stealing Bicycles by Swapping QR Codes

This is a clever hack against those bike-rental kiosks: They're stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesn't work for the ride...

AI score 0.6
Exploits 0
OSV
added 2022/02/18 6:15 p.m., 2 views

CVE-2021-44968

A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...

CVSS 7.8, AI score 6, EPSS 0.00404
Exploits 1, References 1
Cvelist
added 2022/02/18 5:25 p.m., 17 views

CVE-2021-44968

A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...

AI score 8.2, EPSS 0.00404
Exploits 1, References 1
Veracode
added 2022/02/09 6:22 a.m., 13 views

Remote Code Execution

@joplin/renderer is vulnerable to remote code execution. The vulnerability exists in stripHtml function of htmlUtils.ts because the html entities are not encoded which allows an attacker to inject and execute malicious codes...

CVSS 9.8, AI score 3, EPSS 0.01481
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2022/02/09 12:0 a.m., 25 views

AlmaLinux 8 : libX11 (ALSA-2021:4326)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4326 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended f...

CVSS 9.8, AI score 7.7, EPSS 0.10634
Exploits 2, References 2
Tenable Nessus
added 2022/02/08 12:0 a.m., 32 views

Mozilla Firefox < 97.0

The version of Firefox installed on the remote Windows host is prior to 97.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-04 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firef...

CVSS 9.6, AI score 7.9, EPSS 0.00919
Exploits 2, References 13