25 matches found
CVE-2026-11003
CVE-2026-11003 describes a use-after-free in WebRTC of Google Chrome prior to 149.0.7827.53, enabling a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected software is Google Chrome (WebRTC component); the root cause is use-after-free in WebRTC h...
CLSA-2024-1734028058 Fix CVE(s): CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SECURITY UPDATE: Prevent running the Python interpreter with an attacker-controlled PYTHONPATH environment variable - debian/patches/CVE-2024-48990-CVE-2024-48991.patch: do not set PYTHONPATH environment variable to prevent a LPE and prevent race condition on /proc/$PID/exec evaluation -...
Ubuntu: Security Advisory (USN-7117-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 39 : needrestart (2024-6015ee69f0)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6015ee69f0 advisory. Rebase to fix CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 41 : needrestart (2024-a9cf3dad4f)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a9cf3dad4f advisory. Rebase to fix CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora: Security Advisory (FEDORA-2024-d2124788a8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
needrestart Local Privilege Escalation Vulnerability
LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003). Contents: Summary, Background, CVE-2024-48990 and...
needrestart Local Privilege Escalation
Qualys Security Advisory: LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003). Contents: Summary...
CVE-2024-11003
creationtimestamp | type | source
---|---|---
2024-11-21 13:05:05+00:00 | seen | https://t.me/truesecator/6456
2024-11-23 01:55:46+00:00 | seen | https://t.me/itsecnews/4798
2024-11-24 19:00:01+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/9164
2024-11-24 22:11:52+00:00 | ...
Ubuntu: Security Advisory (USN-7117-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 3957-1] needrestart security update
Debian LTS Advisory DLA-3957-1 [email protected] https://www.debian.org/lts/security/ Salvatore Bonaccorso November 19, 2024 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 5815-1] needrestart security update
Debian Security Advisory DSA-5815-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2024 https://www.debian.org/security/faq ...
CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
CVE-2020-17403
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-17403
Summary: CVE-2020-17403 affects Foxit Studio Photo (notably versions prior to 3.6.6.928, with references to 3.6.6.922 in some records). The issue is a PSD file handling vulnerability caused by insufficient validation, resulting in an out-of-bounds write that can execute code in the process contex...
CVE-2020-11003
The CVE-2020-11003 entry concerns the Oasis open-source application. Affected software is Oasis before version 2.15.0, where a DNS rebinding and CSRF vulnerability exists that can allow an attacker to read/write to vulnerable applications when a user is tricked into visiting a malicious site. The...
CVE-2016-11003
The Bloom plugin for WordPress (Elegant Themes) is affected prior to version 1.1.1, with a privilege escalation vulnerability disclosed across multiple sources (NVD/Red Hat/WPVulnDB/PT Security). Impact described as privilege escalation for registered users, with remediation to upgrade to version...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11003 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11003 Source advisory: OSV:GHSA-7752-F4GF-94GC...
CVE-2019-11003
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...