Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior...

Vulnerabilities fixed in Qlik Sense Enterprise for Windows

Qlik has fixed vulnerabilities in Qlik Sense Enterprise for Windows for versions before November 2024 IR. The vulnerabilities are in the way Qlik Sense Enterprise handles network access for non-privileged users. These users can create connection objects that can execute arbitrary EXE files, leadi...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

Qlik Sense 安全漏洞

Qlik Sense is an application from Qlik, Inc. that allows users to create visualizations, charts, interactive dashboards, and analytical applications for local and offline use. A security vulnerability exists in Qlik Sense Enterprise for Windows prior to November 2024 IR, which stems from the fact...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

SUSE-SU-2024:4165-1 Security update for python

This update for python fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config bsc1231795 - Stop using %%defattr, it seems ...

Security update for python

This update for python fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config bsc1231795 - Stop using %%defattr, it seems...

CVE-2024-25020

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

CVE-2024-40691

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2024-25019

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

CVE-2024-25019

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

CVE-2024-25020 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

CVE-2024-25020

CVE-2024-25020 affects IBM Cognos Controller 11.0.0 and 11.0.1, where uploading attachments on the Journal entry page allows unrestricted filetypes, enabling attackers to upload malicious executables that could be used against victims. The issue is documented across multiple sources linked to the...

CVE-2024-25020 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

CVE-2024-40691 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2024-40691

CVE-2024-40691 affects IBM Cognos Controller 11.0.0–11.0.1. The issue is a file-upload vulnerability where the web interface does not validate uploaded content, enabling attackers to upload malicious executable files that could be sent to victims for further attacks. The IBM security bulletin rec...

CVE-2024-40691 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...