9185 matches found

Cvelist
added 2020/05/21 3:46 a.m., 14 views

CVE-2020-6489

Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page...

5.1 AI score, 0.01633 EPSS
Exploits 1, References 9

Cvelist
added 2020/05/21 3:46 a.m., 17 views

CVE-2020-6479

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...

6.7 AI score, 0.0157 EPSS
Exploits 0, References 8

Debian CVE
added 2020/05/21 3:46 a.m., 17 views

CVE-2020-6479

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...

6.5 CVSS, 7.2 AI score, 0.0157 EPSS
Exploits 0

CVE
added 2020/05/21 3:46 a.m., 252 views

CVE-2020-6477

CVE-2020-6477 affects Google Chrome on macOS (OS X) before 83.0.4103.61. The issue is an inappropriate implementation in the installer that allows a local attacker to escalate privileges via a crafted file. Public references in the connected documents confirm the affected product and root cause, ...

7.8 CVSS, 7.6 AI score, 0.00241 EPSS
Exploits 0, References 7, Affected Software 1

CVE
added 2020/05/21 3:46 a.m., 300 views

CVE-2020-6475

CVE-2020-6475 concerns Google Chrome/Chromium: an incorrect implementation in full screen mode allowed a remote attacker to spoof the security UI via a crafted HTML page. Affected versions prior to the fix were Chrome/Chromium releases up to 83.0.4103.61. The issue is categorized under content sp...

6.5 CVSS, 6.5 AI score, 0.01669 EPSS
Exploits 1, References 9, Affected Software 1

RedhatCVE
added 2020/05/20 8:55 a.m., 29 views

CVE-2020-6479

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...

4.3 CVSS, 2.5 AI score, 0.0157 EPSS
Exploits 0, References 4

RedhatCVE
added 2020/05/20 8:25 a.m., 23 views

CVE-2020-6478

Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...

4.3 CVSS, 2 AI score, 0.0157 EPSS
Exploits 0, References 4

Trend Micro Simply Security
added 2020/05/20 12:0 a.m., 11 views

Integrate Security Into DevOps and IaC

This article provides recommendations on implementing security into your CI/CD and infrastructure as code pipeline, and most importantly, how to enable both security and DevOps to start speaking each other’s languages...

3 AI score
Exploits 0

Fedora
added 2020/05/19 3:49 a.m., 13 views

[SECURITY] Fedora 31 Update: perl-Mojolicious-8.42-1.fc31

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

1.1 AI score
Exploits 0

Google Chrome Security Advisories
added 2020/05/19 12:0 a.m., 31 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 83 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 83.0.4103.61 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

9.6 CVSS, 7.3 AI score, 0.06414 EPSS
Exploits 13, Affected Software 1

CNVD
added 2020/05/18 12:0 a.m., 3 views

apt input validation error vulnerability

apt is a command-line package manager from the Debian Project Collaboration that provides search, management, and querying of package information. An input validation error vulnerability exists in the ar/tar implementation in versions prior to apt 2.1.2, which can be exploited by an attacker to...

5.5 CVSS, 7.8 AI score, 0.01305 EPSS
Exploits 1, References 1

Hacker One
added 2020/05/16 1:2 p.m., 20 views

Lark Technologies: RPC Implementation allows unauthenticated remote calls

It was found that the RPC implementation via postMessage within Lark did not check origin, so an attacker could have potentially performed RPC calls on behalf of a user. We thank @mike12 for reporting this to our team and confirming the resolution...

3.4 AI score
Exploits 0

ThreatPost
added 2020/05/15 3:54 p.m., 51 views

Quantum Security Goes Live with Samsung Galaxy

Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation RNG chipset. It’s the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum...

9.3 CVSS, 7.8 AI score, 0.012 EPSS
Exploits 0, References 10

RedhatCVE
added 2020/05/14 11:10 a.m., 40 views

CVE-2020-1983

A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...

7.5 CVSS, 3.5 AI score, 0.02293 EPSS
Exploits 1, References 3

Veracode
added 2020/05/13 3:39 a.m., 18 views

Denial Of Service (DoS)

slp-validate is vulnerable to denial of service. A false-negative validation outcome for the MINT transaction operations due to an insecure implementation of the SLP wallet allows spending of affected tokens that would result in the destruction of a user's minting baton...

8.6 CVSS, 3.4 AI score, 0.01036 EPSS
Exploits 0, References 3, Affected Software 1

Veracode
added 2020/05/13 1:23 a.m., 22 views

Denial Of Service (DoS)

slpjs is vulnerable to denial of service. A false-negative validation outcome for the MINT transaction operations due to an insecure implementation of the SLP wallet allows spending of affected tokens that would result in the destruction of a user's minting baton...

8.6 CVSS, 3.1 AI score, 0.00932 EPSS
Exploits 0, References 3, Affected Software 1

Veracode
added 2020/05/10 11:26 p.m., 29 views

Authentication Bypass

openssl is vulnerable to authentication bypass. The vulnerability exists through an implementation bug: the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as...

5.9 CVSS, 3 AI score, 0.08606 EPSS
Exploits 0, References 15, Affected Software 1

ThreatPost
added 2020/05/07 4:43 p.m., 67 views

Zoom Beefs Up End-to-End Encryption to Thwart 'Zoombombers'

Video calling platform Zoom is boosting its security profile via the acquisition of a small startup called Keybase. The 25-person, New York-based company will provide more robust encryption for Zoom calls on paid subscriptions by implementing an end-to-end architecture. “Logged-in users will...

6.5 AI score
Exploits 0, References 13

BDU FSTEC
added 2020/05/07 12:0 a.m., 4 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to the execution of operations beyond the buffer in memory, allows attackers to trigger a service failure.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to incorrect implementation of the engine. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.1 CVSS, 7 AI score, 0.02861 EPSS
Exploits 1, References 11, Affected Software 5

Hacker One
added 2020/05/05 4:45 p.m., 45 views

Open-Xchange: Pre-auth Denial-of-Service in Dovecot RPA implementation

Hi, Dovecot security team. I am Orange from DEVCORE security team. We just did a little security audit on the authentication mechanism of Dovecot, and found a buffer over-read in RPA implementation. In the mech-rpa.c, the function rpa_read_buffer doesn't check that the length could be zero, and pas...

5 CVSS, 0.3 AI score, 0.06187 EPSS
Exploits 1