8 matches found
JLSEC-2026-100 Deno is vulnerable to race condition via interactive permission prompt spoofing
Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...
CVE-2025-64407
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variable...
CVE-2025-64405 Apache OpenOffice: Remote documents loaded without prompt via DDE function
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...
CVE-2024-40835
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the us...
Apple macOS Ventura 安全漏洞
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.4, which stems from a shortcut command that may be able to use sensitive data for certain operations without prompting the user...
GHSA-MC52-JPM2-CQH6 Deno is vulnerable to race condition via interactive permission prompt spoofing
Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...
Code injection
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-1999-1474
CVE-1999-1474 concerns PowerPoint 95 and 97 where opening a document in a browser (e.g., Internet Explorer) could trigger an automatic execution of an application without user prompting. The available sources describe that remote attackers could cause an application to run automatically via the s...