CVE-2020-6489
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page...
CVE-2020-6479
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...
CVE-2020-6477
CVE-2020-6477 affects Google Chrome on macOS (OS X) before 83.0.4103.61. The issue is an inappropriate implementation in the installer that allows a local attacker to escalate privileges via a crafted file. Public references in the connected documents confirm the affected product and root cause, ...
CVE-2020-6475
CVE-2020-6475 concerns Google Chrome/Chromium: an incorrect implementation in full screen mode allowed a remote attacker to spoof the security UI via a crafted HTML page. Affected versions prior to the fix were Chrome/Chromium releases up to 83.0.4103.61. The issue is categorized under content sp...
CVE-2020-6478
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...
Integrate Security Into DevOps and IaC
This article provides recommendations on implementing security into your CI/CD and infrastructure as code pipeline, and most importantly, how to enable both security and DevOps to start speaking each other’s languages...
[SECURITY] Fedora 31 Update: perl-Mojolicious-8.42-1.fc31
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 83 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 83.0.4103.61 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
apt input validation error vulnerability
apt is a command-line package manager from the Debian Project Collaboration that provides search, management, and querying of package information. An input validation error vulnerability exists in the ar/tar implementation in versions prior to apt 2.1.2, which can be exploited by an attacker to...
Lark Technologies: RPC Implementation allows unauthenticated remote calls
It was found that the RPC implementation via postMessage within Lark did not check origin, so an attacker could have potentially performed RPC calls on behalf of a user. We thank @mike12 for reporting this to our team and confirming the resolution...
Quantum Security Goes Live with Samsung Galaxy
Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation (RNG) chipset. It’s the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum...
CVE-2020-1983
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...
Denial Of Service (DoS)
slp-validate is vulnerable to denial of service. A false-negative validation outcome for the MINT transaction operations due to an insecure implementation of the SLP wallet allows spending of affected tokens that would result in the destruction of a user's minting baton...
Denial Of Service (DoS)
slpjs is vulnerable to denial of service. A false-negative validation outcome for the MINT transaction operations due to an insecure implementation of the SLP wallet allows spending of affected tokens that would result in the destruction of a user's minting baton...
Authentication Bypass
openssl is vulnerable to authentication bypass. The vulnerability exists because of an implementation bug: the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as...
Zoom Beefs Up End-to-End Encryption to Thwart 'Zoombombers'
Video calling platform Zoom is boosting its security profile via the acquisition of a small startup called Keybase. The 25-person, New York-based company will provide more robust encryption for Zoom calls on paid subscriptions by implementing an end-to-end architecture. “Logged-in users will...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to the execution of operations beyond the buffer in memory, allows attackers to trigger a service failure.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to incorrect implementation of the engine. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Open-Xchange: Pre-auth Denial-of-Service in Dovecot RPA implementation
Hi, Dovecot security team. I am Orange from DEVCORE security team. We just did a little security audit on the authentication mechanism of Dovecot, and found a buffer over-read in RPA implementation. In the mech-rpa.c, the function rpa_read_buffer doesn't check that the length could be zero, and pas...