#chrome

Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

5 months ago

Packet Storm

Open in Source

#linux #debian #dos #js #ssh #chrome

Automad 2.0.0-alpha.4 Cross Site Scripting

Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability.

5 months ago

Packet Storm

Open in Source

#xss #csrf #vulnerability #web #windows #apple #linux #debian #js #git #java #php #nginx #auth #docker #chrome #webkit

'Snowblind' Tampering Technique May Drive Android Users Adrift

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.

5 months ago

DARKReading

Open in Source

#android #apple #google #linux #git #kubernetes #auth #docker #chrome

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis

5 months ago

The Hacker News

Open in Source

#web #android #git #intel #botnet #auth #chrome #The Hacker News

Student Attendance Management System 1.0 SQL Injection

Student Attendance Management System version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.

5 months ago

Packet Storm

Open in Source

#sql #vulnerability #web #windows #apple #apache #git #php #auth #chrome #webkit #ssl

GHSA-7gjr-hcc3-xfr4: Improper line feed handling in zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\n` characters are properly escaped in that context. The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers.

5 months ago

ghsa

Open in Source

#vulnerability #web #dos #git #perl #docker #chrome #firefox

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries' Ministries

5 months ago

The Hacker News

Open in Source

#mac #windows #cisco #git #intel #pdf #chrome #The Hacker News

Tag

#chrome