OMGF | Host Google Fonts Locally Security Vulnerabilities

vte2.91 vulnerability

Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume resources, leading to a denial of...

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that.....

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051 Analysis Overview CVE-2024-37051 is a...

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

virtuoso-opensource vulnerabilities

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611,...

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related....

Chromium: CVE-2024-5834 Inappropriate implementation in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5838 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5847 Use after free in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5831 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5840 Policy Bypass in CORS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5846 Use after free in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5841 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5833 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5845 Use after free in Audio

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5843 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5830 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5837 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5832 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5842 Use after free in Browser UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

Malicious code in elasticsearch-client-specification (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (135b81ee4c5cd6816ab6d993d70f307d56438812d60a3364b38638cc80b4ce68) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in djangosnippets.org (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c166a453b773becdea05dfd92ed988141528a96f6dc77e8435f871c68c0d3f1b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

Malicious code in legacyreact-aws-s3-typescript (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (60942b87c6d2334d09d059276cc2d838002e2e0f5093e53fc6819e1972e02282) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CGA-r83q-r39w-2m73

Bulletin has no...

CGA-58mr-f472-9h7j

Bulletin has no...

CGA-35qq-v4x7-g8hr

Bulletin has no...

Malicious code in dependences (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (01937c3da9bea8e85a1f2b11953989f03d30855db63d1feaca17c660227a83c5) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @yashorg/frontend-logger (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ff07f4f96c73a58bf8e1069d844465549fbe1c2a9dd169ef994b1124c5a143e3) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Heap-buffer-overflow in ArduinoJson::V704HB22::detail::MsgPackDeserializer<ArduinoJson::V704HB22::detail

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69497 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ArduinoJson::V704HB22::detail::MsgPackDeserializer&lt;ArduinoJson::V704HB22::detail ArduinoJson::V704HB22::DeserializationError::Code ArduinoJson::V704HB22::detail:...

Mozilla Thunderbird < 115.12

The version of Thunderbird installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. (CVE-2024-5702) ...

Debian dla-3826 : cups - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3826 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3826-1 [email protected] ...

RHEL 8 : dnsmasq (RHSA-2024:3929)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...

Ubuntu: Security Advisory (USN-6819-3)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2024-0216)

The remote host is missing an update for...

Oracle Linux 9 : gvisor-tap-vsock (ELSA-2024-3830)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3830 advisory. - rebuild for CVE-2023-45290 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

Adobe ColdFusion < 2021.x < 2021u14 / 2023.x < 2023u8 Multiple Vulnerabilities (APSB24-41)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 14 or 2023.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-41 advisory. Improper Access Control (CWE-284) potentially leading to Arbitrary file system...

CentOS 7 : 389-ds-base (RHSA-2024:3591)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...