115 matches found
October 25, 2022—KB5018483 (OS Build 22000.1165) Preview
October 25, 2022—KB5018483 OS Build 22000.1165 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page.Note Follow @WindowsUpdate to...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2022:10057-1 Rating: important References: Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 CVE-2022-2294 Affected Products: openSUSE Leap 15.3:NonFree openSUSE Leap 15.4:NonFree An update th...
Malicious Package
Overview @xunlie/vue-context-menu is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in @tinkoff-react-bui/context-menu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f239b4e149956ae7fcbe368e6040942fc96e8fd6a13a332a4c1e64cffb9747d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Android 权限许可和访问控制问题漏洞
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an elevation of privilege vulnerability that originates in onCreateContextMenu in NetworkProviderSettings.java. Due to a lack of privilege checking, a non-owner user could change...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
UBUNTU-CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
Design/Logic Flaw
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
UBUNTU-CVE-2021-43532
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...
CVE-2021-43532
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...
CVE-2021-43532
Summary: CVE-2021-43532 affects Firefox prior to 94 and relates to the Copy Image Link context menu. The bug allowed copying the final image URL after redirects, enabling token theft if a user pasted the URL back into a page and the URL leaked authentication tokens. The underlying issue involved ...
Mozilla Firefox Security Advisory (MFSA2015-49) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them. -- PoC 1 | Authenticated Persistent XSS & XFS | Image saving disabled message text: ! POST...
ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be...
openSUSE Security Update : opera (openSUSE-2020-1713)
This update for opera fixes the following issues : opera was updated to version 71.0.3770.228 - DNA-87466 Hide extensions icon is black in dark theme - DNA-88580 Implement searchintabs telemetry benchmark - DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL - DNA-88693 Random...
Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-XWG3-GJXH-C8PM Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
Generator-Burp-Extension - Everything You Need About Burp Extension Generation
Everything You Need About Burp Extension Generation Installation First, install Yeoman and generator-burp-extension using npm we assume you have pre-installed node.js. npm install -g yo npm install -g generator-burp-extension Then generate your new project: yo burp-extension Burp Extension featur...