Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-30945: Palantir | Trust and Security Portal

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.

CVE
Open in Source
#xss#vulnerability#web#dos#git#perl#auth#chrome#ssl
CVE-2023-3421: Stable Channel Update for Desktop

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3422

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3420

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Fake Super Mario 3 Installers Drop Crypto Miner, Data Stealer

By Deeba Ahmed Cyble Research and Intelligence Lab's cybersecurity researchers have disclosed how threat actors exploit gamers by delivering malware-loaded installers of popular games. This is a post from HackRead.com Read the original post: Fake Super Mario 3 Installers Drop Crypto Miner, Data Stealer

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL

TALOS-2023-1724 (CVE-2023-1531) occurs if the user opens a specially crafted web page in Chrome.

CVE-2023-33580: Student Study Center Management System | online Student Study Center Management Project in PHP

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.

9 basic security tips for seniors

Categories: News Categories: Personal Tags: seniors Tags: basic secuirty tips Tags: personal information Tags: too good to be true Tags: infected computer Tags: system optimizers Tags: web push notifications Tags: green padlock Tags: password manager Help the people around you that are less computer literate with some basic security tips and settings. (Read more...) The post 9 basic security tips for seniors appeared first on Malwarebytes Labs.

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

CVE-2023-35932: jcvi/jcvi/apps/base.py at cede6c65c8e7603cb266bc3395ac8f915ea9eac7 · tanghaibao/jcvi

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.