Lucene search
K

190 matches found

Node.js
Node.js
added 2019/05/06 2:16 p.m.16 views

Malicious Package

Overview All versions of reequest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:12 p.m.15 views

Malicious Package

Overview All versions of requeest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:7 p.m.13 views

Malicious Package

Overview All versions of aysnc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:4 p.m.17 views

Malicious Package

Overview All versions of asyync typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 1:56 p.m.13 views

Malicious Package

Overview All versions of 4equest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
CNVD
CNVD
added 2019/03/28 12:0 a.m.2 views

Apple iOS Privacy Logic Flaw Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices.Privacy is one of the privacy components. A security vulnerability exists in the Privacy component in Apple iOS versions prior to 12.2. The vulnerability can be exploited by an attacker to track users with the help of a...

3.3CVSS6.4AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2018/12/20 3:29 p.m.31 views

CVE-2018-1000815

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.3CVSS4.7AI score0.01123EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2018/09/03 5:6 p.m.100 views

Google Secretly Tracks What You Buy Offline Using Mastercard Data

Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/13 5:37 p.m.117 views

Google Tracks Android, iPhone Users Even With 'Location History' Turned Off

Google tracks you everywhere, even if you explicitly tell it not to. Every time a service like Google Maps wants to use your location, Google asks your permission to allow access to your location if you want to use it for navigating, but a new investigation shows that the company does track you...

6.5AI score
Exploits0
Prion
Prion
added 2018/06/07 2:29 a.m.11 views

Code injection

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked test, require,...

5CVSS5.2AI score0.0088EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/06/04 12:0 a.m.5 views

Apple iOS and macOS High Sierra Security S-MIME Certificate Handling Vulnerability

Apple iOS and macOS High Sierra are products of Apple Inc. Apple iOS is an operating system for mobile devices; macOS High Sierra is a specialized operating system for Mac computers. security is an information security and privacy component. Security is an information security and privacy...

7.5CVSS7.5AI score0.01265EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2018/01/01 11:53 p.m.18 views

Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords

Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allow them to secretly steal your email address for targeted advertising across different browsers and devices. The major concern is that the same...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/10/24 9:0 a.m.129 views

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We're talking here about...

7AI score
Exploits0
NVD
NVD
added 2017/10/23 1:29 a.m.23 views

CVE-2017-7146

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling...

5.3CVSS4AI score0.00857EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/10/23 1:0 a.m.25 views

CVE-2017-7146

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling...

4AI score0.00857EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2017/04/20 12:0 a.m.8 views

The vulnerability of the multimedia player iTunes, which allows a tracker to monitor users

The vulnerability of the APNs Server component in the iTunes multimedia player relates to the use of open-text client certificates and their transmission to the vulnerable component. Exploiting this vulnerability allows a malicious actor to track users by correlating them with the certificates...

3.5CVSS6.6AI score0.00444EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2016/10/10 10:59 a.m.16 views

Authentication flaw

The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668...

7.2CVSS7.3AI score0.00189EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/08/04 12:0 a.m.3 views

Mozilla Firefox and Firefox ESR Information Disclosure Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. Mozilla Firefox and Firefox ESR programs retain network connections for icon resource retrieval after the browser window is closed, allowing remote attackers to exploit this vulnerability to trac...

4.3CVSS8.8AI score0.01459EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/08/03 8:6 a.m.9 views

Mozilla: Favicon network connection persists when page is closed (MFSA 2016-62)

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...

4.3CVSS7.4AI score0.01459EPSS
Exploits0References5
OSV
OSV
added 2016/08/03 12:0 a.m.4 views

UBUNTU-CVE-2016-2830

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...

4.3CVSS6.8AI score0.01459EPSS
Exploits0References5
Rows per page
Query Builder