40 matches found
EUVD-2022-44530
Malicious code in bioql PyPI...
[SECURITY] Fedora 42 Update: gotify-desktop-1.3.7-5.fc42
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
[SECURITY] Fedora 40 Update: gotify-desktop-1.3.7-4.fc40
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
[SECURITY] Fedora 41 Update: gotify-desktop-1.3.7-4.fc41
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
CVE-2023-33244
Obsidian before 1.2.2 allows calls to unintended APIs for microphone access, camera access, and desktop notification via an embedded web page...
Design/Logic Flaw
Obsidian before 1.2.2 allows calls to unintended APIs for microphone access, camera access, and desktop notification via an embedded web page...
PT-2023-24240 · Obsidian · Obsidian
Name of the Vulnerable Software and Affected Versions: Obsidian versions prior to 1.2.2 Description: The issue allows calls to unintended APIs, including those for microphone access, camera access, and desktop notification, via an embedded web page. Recommendations: For versions prior to 1.2.2,...
CVE-2023-27035
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page...
Code injection
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page...
CVE-2023-27035
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page...
CVE-2023-27035
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page...
Obsidian security vulnerability
Obsidian is a knowledge base for native Markdown files from the Obsidian community. A security vulnerability exists in Obsidian Canvas version 1.1.9 that originates from a vulnerability that allows remote attackers to send desktop notifications, record user audio, and other unspecified impacts vi...
CVE-2023-27035
CVE-2023-27035 affects Obsidian Canvas 1.1.9. The issue allows remote attackers to trigger sensitive Web APIs from embedded pages on the canvas, enabling actions such as sending desktop notifications and recording the user’s audio without explicit user permission. The root cause, as described in ...
PT-2023-20910 · Unknown · Obsidian Canvas
Name of the Vulnerable Software and Affected Versions: Obsidian Canvas version 1.1.9 Description: An issue in Obsidian Canvas allows remote attackers to send desktop notifications, record user audio, and potentially have other unspecified impacts. This can be achieved via an embedded website on t...
USN-5659-1: kitty vulnerabilities
Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. CVE-2020-35605 Carter Sande discovered that kitty incorrectly...
CVE-2019-16908
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI...
CVE-2019-16909
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
Design/Logic Flaw
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
CVE-2019-16909
CVE-2019-16909 affects Infosysta “In-App & Desktop Notifications” for Jira prior to 1.6.14_J8. An authenticated Jira user without project authorization can enumerate all Jira projects via the endpoint plugins/servlet/nfj/NotificationSettings, exposing information about projects. Root cause: insuf...
CVE-2019-16908
CVE-2019-16908 affects Infosysta In-App & Desktop Notifications for Jira (before 1.6.14_J8). The vulnerability allows an unauthenticated user to obtain a list of all Jira projects via plugins/servlet/nfj/ProjectFilter?searchQuery=, due to an authorization check bypass in the plugin. Impact is inf...