836 matches found

RedHat Linux
added 2022/03/22 12:30 p.m. | 51 views

Moderate: Red Hat Security Advisory: rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-mariadb and rh-mariadb103-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 6.7 | EPSS 0.08216
Exploits 6 | References 17

RedHat Linux
added 2022/03/22 10:23 a.m. | 69 views

Moderate: Red Hat Security Advisory: rh-mariadb105-mariadb security and bug fix update

An update for rh-mariadb105-mariadb and rh-mariadb105-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 6.8 | EPSS 0.08216
Exploits 6 | References 15

CNNVD
added 2022/02/08 12:0 a.m. | 2 views

Microsoft Win32k Permissions and Access Control Issues Vulnerability

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. Microsoft Win32k has an elevation of privilege vulnerability, and no details of the vulnerability are currently available...

CVSS 7.8 | AI score 8 | EPSS 0.03046
Exploits 0 | References 6

GoogleProjectZero
added 2022/01/18 12:0 a.m. | 66 views

Zooming in on Zero-click Exploits

Posted by Natalie Silvanovich, Project Zero. Zoom is a video conferencing platform that has gained popularity throughout the pandemic. Unlike other video conferencing systems that I have investigated, where one user initiates a call that other users must immediately accept or reject, Zoom calls ar...

CVSS 9.8 | AI score 8.7 | EPSS 0.03207
Exploits 2

Github Security Blog
added 2022/01/14 9:9 p.m. | 43 views

Improper Privilege Management in shelljs

Impact: Output from the synchronous version of shell.exec may be visible to other users on the same system. You may be affected if you execute shell.exec in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec as the root user. Other shelljs functions including the asynchronous...

AI score 3.1
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/01/14 9:9 p.m. | 0 views

GHSA-64G7-MVW6-V9QJ Improper Privilege Management in shelljs

Impact: Output from the synchronous version of shell.exec may be visible to other users on the same system. You may be affected if you execute shell.exec in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec as the root user. Other shelljs functions including the asynchronous...

AI score 5.9
Exploits 0 | References 3

Prion
added 2022/01/04 9:15 p.m. | 12 views

Cross site scripting

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this...

CVSS 3.5 | AI score 5.3 | EPSS 0.00932
Exploits 1 | References 4 | Affected Software 1

CVE
added 2022/01/04 8:40 p.m. | 58 views

CVE-2022-21649

Convos (open source multi-user web chat) is affected by a Stored XSS in chat messages. The vulnerability arises because escaping exists for "<" or ">" but not for double quotes, enabling attacker-controlled scripts via the chat window (e.g., injected by https:// links that become <a> tags). The root cause is ...

CVSS 7.6 | AI score 5.7 | EPSS 0.00932
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2022/01/04 8:40 p.m. | 19 views

CVE-2022-21649 Stored XSS via attribute in convos

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this...

CVSS 7.6 | AI score 7.4 | EPSS 0.00932
Exploits 1 | References 4

Huntr
added 2021/12/17 4:39 a.m. | 13 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description: livehelperchat is vulnerable to stored XSS in users profile setting where username, password, repeat password, nickname, name, surname, job title fields are vulnerable to stored XSS. Proof of Concept: this.constructor.constructor'alert"foo"' Enter the given payload in the above-mention...

CVSS 3.5 | AI score 1.1 | EPSS 0.00634
Exploits 1

CNVD
added 2021/11/24 12:0 a.m. | 16 views

Huawei HarmonyOS multi-user settings issue vulnerability

Huawei HarmonyOS is an operating system from Huawei, China. Huawei HarmonyOS is vulnerable to a multi-user setup issue. An attacker could exploit this vulnerability to compromise confidentiality...

CVSS 7.5 | AI score 2 | EPSS 0.00691
Exploits 0 | References 1

CNNVD
added 2021/11/23 12:0 a.m. | 1 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei, China. Huawei HarmonyOS is vulnerable to a multi-user setup issue. An attacker could exploit this vulnerability to compromise confidentiality...

CVSS 7.5 | AI score 5.7 | EPSS 0.00691
Exploits 0 | References 3

Fedora
added 2021/11/10 2:55 a.m. | 39 views

[SECURITY] Fedora 35 Update: community-mysql-8.0.27-1.fc35

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS 7.1 | AI score 6.8 | EPSS 0.02499
Exploits 0

Fedora
added 2021/11/10 2:33 a.m. | 39 views

[SECURITY] Fedora 33 Update: community-mysql-8.0.27-1.fc33

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS 7.1 | AI score 6.8 | EPSS 0.02499
Exploits 0

CNVD
added 2021/11/10 12:0 a.m. | 19 views

PHP Event Calendar Lite Edition is vulnerable to SQL injection

PHP Event Calendar is an open source AJAX-based multi-user modern event calendar. It is easy to integrate and fully customizable. PHP Event Calendar Lite Edition is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to obtain sensitive database data...

CVSS 10 | AI score 4.4 | EPSS 0.02433
Exploits 3 | References 1

OSV
added 2021/11/04 6:15 p.m. | 13 views

CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

CVSS 7.5 | AI score 7.6
Exploits 0 | References 2

UbuntuCve
added 2021/11/04 6:15 p.m. | 13 views

CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

CVSS 7.5 | AI score 7.1 | EPSS 0.00778
Exploits 0 | References 3

OSV
added 2021/11/04 6:15 p.m. | 15 views

PYSEC-2021-386

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

CVSS 7.5 | AI score 1.4 | EPSS 0.00778
Exploits 0 | References 2

CVE
added 2021/11/04 5:15 p.m. | 81 views

CVE-2021-41247

CVE-2021-41247 affects JupyterHub, where users with multiple JupyterLab tabs in a single browser session may experience incomplete logout from the single-user server, as fresh credentials are reinstated if another active JupyterLab session remains open during logout. The issue is mitigated by upg...

CVSS 7.5 | AI score 5.5 | EPSS 0.00778
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2021/11/04 5:15 p.m. | 14 views

CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

CVSS 7.5 | AI score 7.5 | EPSS 0.00778
Exploits 0