155 matches found
CVE-2020-26210
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...
CLSA-2024-1735300286 gnome-shell: Fix of CVE-2024-36472
CVE-2024-36472: fix portal helper from launching automatically based on network responses to prevent loading untrusted JavaScript code...
Amazon Linux 2 : gnome-shell (ALAS-2024-2714)
The version of gnome-shell installed on the remote host is prior to 3.28.3-34. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2714 advisory. In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network respons...
Medium: gnome-shell
Issue Overview: In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to...
Medium: gnome-shell
Issue Overview: In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to...
MGASA-2024-0314 Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
openSUSE Security Advisory (SUSE-SU-2024:2272-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-js2py packages fix security vulnerability
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...
MGASA-2024-0256 Updated python-js2py packages fix security vulnerability
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...
SUSE-SU-2024:2272-1 Security update for python-Js2Py
This update for python-Js2Py fixes the following issues: - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code bsc1226660...
SUSE CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
DEBIAN-CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
UBUNTU-CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
GNOME Shell 安全漏洞
GNOME Shell is a shell from the GNOME Project that provides core user interface functionality for the GNOME desktop such as switching windows, launching applications or viewing notifications. A security vulnerability exists in GNOME Shell 45.7 and earlier versions, which stems from allowing the...
Sandbox Escape
@hoppscotch/cli is vulnerable to Sandbox Escape. The vulnerability is due to the insecure usage of the Node.js vm module, which allows untrusted JavaScript code to break out of the sandbox. It allows to gain access to references of objects created outside of the vm context...
PT-2023-7724 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue exists due to inadequate protection of the web page structure. Exploitation may allow a remote attacker to execute arbitrary code. A low-privileged attacker can...
Type Confusion
hermes-engine is vulnerable to Type Confusion. A remote attacker is able to inject malicious content due to insufficient checks in TypeInference.cpp, which results in type confusion, leading arbitrary code execution via untrusted JavaScript...