CVE-2022-43983
CVE-2022-43983 affects Browsershot v3.57.2. The flaw arises because HTML content passed to Browsershot::html is not validated for file:// URLs, enabling an external attacker to remotely obtain arbitrary local files. Documented impact includes high severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I...
USN-5730-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-5642-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
Denial Of Service (DoS)
webkit2gtk is vulnerable to denial of service. The vulnerability allows a remote attacker to exploit a variety of issues related to web browser security...
CVE-2022-1868
The CVE-2022-1868 case concerns Google Chrome’s Extensions API where an improper implementation allowed bypassing navigation restrictions when a user is convinced to install a crafted malicious extension. Affected software is Google Chrome prior to 102.0.5005.61; a fix is reflected in Chrome/chro...
USN-5394-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
Vulnerabilities that aren’t. Cross Site Tracing / XST
This is the first of my posts that explain why some common security vulnerabilities are most likely not real threats. They should be treated as security enhancements rather than vulnerabilities. Bearing in mind the number of scanning tools that rate such vulnerabilities as "high" it's no wonder...
firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...
Ubuntu: Security Advisory (USN-5213-1)
The remote host is missing an update for the...
USN-5127-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-5087-1 webkit2gtk vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
CVE-2021-20829
GROWI (WESEEK) has an XSS vulnerability (CVE-2021-20829) caused by inadequate tag sanitization in versions up to v4.2.19. An attacker can trigger a script in a user’s browser by loading a specially crafted page. The issue is documented across multiple sources (including Red Hat and NVD entries) a...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Base internals. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
USN-5024-1 webkit2gtk vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability (CWE-79). Impact: A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution: Update the plugin. Update the plugin according to the...
CVE-2021-27485
ZOLL Defibrillator Dashboard, versions prior to 2.2. The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser...
Google Chrome < 91.0.4472.101 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 202106stable-channel-update-for-desktop advisory. - Use after free in Network service in Google Chrome prior to 91.0.4472.101...
Security Bulletin: Vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7484, CVE-2015-7474, CVE-2015-7485, CVE-2015-7486, CVE-2016-0219)
Summary: Vulnerabilities in the IBM Jazz Foundation affect the following IBM Jazz Team Server based applications: Collaborative Lifecycle Management (CLM), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC)...
USN-4894-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4894-1 webkit2gtk vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...