9185 matches found
SUSE CVE-2015-6774
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimesextensionbindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that...
SUSE CVE-2016-1973
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service use-after-free via unspecified vectors...
SUSE CVE-2016-5733
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted table name that is mishandled during privilege checking in...
SUSE CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy CSP protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
SUSE CVE-2018-12585
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service...
SUSE CVE-2019-5822
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
SUSE CVE-2019-9836
Secure Encrypted Virtualization SEV on Advanced Micro Devices AMD Platform Security Processor PSP; aka AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation...
SUSE CVE-2019-11840
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...
SUSE CVE-2020-6440
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension...
SUSE CVE-2020-9391
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has be...
SUSE CVE-2021-21239
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...
SUSE CVE-2021-28876
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls iteratorgetunchecked more than once for the same index when the underlying iterator panics in certain conditions. This bug could lead to a memory safety violation due to an unmet safety...
SUSE CVE-2022-0109
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page...
SUSE CVE-2022-25235
xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
TrickBot gang members sanctioned after pandemic ransomware attacks
In a collaborative partnership, officials in the United States and the United Kingdom unmasked and imposed financial sanctions against seven members of the notorious Russian gang TrickBot alias "TrickLoader", a mainstream banking Trojan turned malware-as-a-service MaaS platform for other criminal...
SA43667 - 2018-03 Out-of-Cycle Advisory: SAML allow authentication bypass via incorrect XML canonicalization
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple Pulse Secure products utilizing SAML implementation could allow an attacker with an authenticated access to a SAML Identity Provider IdP to bypass authentication for a differen...
SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. SegmentSmack CVE-2018-5390 and FragmentSmack CVE-2018-5391 are described as a TCP implementation denial of service vulnerability. A remote attacker can send crafted sequences of TCP/IP...
Malwarebytes recognized as endpoint security leader by G2
G2 has released their Winter 2023 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories. Based on verified customer reviews, Malwarebytes has been ranked 1 over top EDR vendors for endpoint malware and antivirus protection, detection and remediation of...
Fedora 36 : chromium (2023-4e6353c6f7)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4e6353c6f7 advisory. Update to 110.0.5481.77. Fixes the following security issues: CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701...
Ubuntu: Security Advisory (USN-5854-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...