71 matches found
[SECURITY] Fedora 43 Update: rust-oo7-cli-0.4.3-5.fc43
System keyring access from the terminal...
Cross-site Scripting (XSS)
Overview: @jupyterlab/apputils-extension is a JupyterLab - Application Utilities Extension. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...
GHSA-RCH3-82JR-F9W9 Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
Impact: A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). T...
Missing Authentication For Critical Function
marimo is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to missing authentication validation in the /terminal/ws WebSocket endpoint, which allows an attacker to establish a shell and execute arbitrary system commands without authentication...
[SECURITY] Fedora 43 Update: rust-oo7-cli-0.4.3-4.fc43
System keyring access from the terminal...
USN-7978-1: GNU Screen vulnerabilities
It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS...
CVE-2010-0537
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name...
CVE-2025-36131
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal, which could be obtained by a third party with physical access to the system...
CVE-2025-36131 IBM Db2 information disclosure
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal, which could be obtained by a third party with physical access to the system...
EUVD-2005-3256
Malware in sbrugna...
EUVD-2014-2962
Malware in sbrugna...
EUVD-2005-2512
Malware in sbrugna...
EUVD-2013-6963
Malware in sbrugna...
EUVD-2024-2418
Malicious code in bioql PyPI...
EUVD-2024-52303
Malicious code in bioql PyPI...
EUVD-2025-30813
Malicious code in bioql PyPI...
Cisco IOS and IOS XE Software TACACS+ Authentication Bypass Vulnerability
A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required...
Remote for Mac 2025.6 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Remote for Mac 2025.6. When the "Allow unknown devices" setting is enabled, it is possible to simulate keyboard input via UDP packets without authentication. By sending a sequence of key presses, an attacker...
EulerOS 2.0 SP13 : screen (EulerOS-SA-2025-1999)
According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when...
EulerOS 2.0 SP11 : screen (EulerOS-SA-2025-1968)
According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. (CVE-2025-46802) A minor information...