Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

[SECURITY] Fedora 40 Update: kf5-kwayland-5.115.0-3.fc40

KDE Frameworks 5 library that wraps Client and Server Wayland libraries...

[SECURITY] Fedora 40 Update: dwayland-5.25.0-6.fc40

Qt-style Client and Server library wrapper for the Wayland libraries...

RHEL 6 : glibc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary...

[SECURITY] Fedora 39 Update: plasma-workspace-5.27.11.1-1.fc39

Plasma 5 libraries and runtime components...

[SECURITY] Fedora 39 Update: rust-bindgen-cli-0.69.4-2.fc39

Automatically generates Rust FFI bindings to C and C++ libraries...

[SECURITY] Fedora 40 Update: plasma-workspace-6.0.5.1-1.fc40

Plasma 6 libraries and runtime components...

[SECURITY] Fedora 40 Update: qt6-qt5compat-6.7.1-1.fc40

Qt6 - Qt 5 Compatibility Libraries...

Fedora 40 : glycin-loaders / gnome-tour / helix / helvum / libipuz / loupe / etc (2024-ce2936b568)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ce2936b568 advisory. This update contains builds from a mini-mass-rebuild for Rust applications and some C-style libraries. Rebuilding with the Rust 1.78 toolchain should fix...

RHEL 9 : glibc (RHSA-2024:3411)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3411 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name...

RHEL 9 : glibc (RHSA-2024:3423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3423 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name...

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVE-2024-35219

OpenAPI Generator (OpenAPI Tools) before version 7.6.0 is vulnerable to path traversal via the outputFolder option, allowing an attacker to read and delete files in arbitrary writable directories. The known impacted range is

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

Fedora: Security Advisory (FEDORA-2024-eafbf519ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-8f4d69d2ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-9be1b94714)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for glibc (FEDORA-2024-f7ae5df88d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-bindgen-cli-0.69.4-2.fc40

Automatically generates Rust FFI bindings to C and C++ libraries...