22 matches found
Google Chrome < 56.0.2924.76 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 56.0.2924.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201701stable-channel-update-for-desktop advisory. - A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-46908)
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. This plugin only works with Tenable.ot. Please visit...
EUVD-2017-15311
Malware in sbrugna...
git: The sideband payload is passed unfiltered to the terminal in git
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...
CVE-2024-52005
CVE-2024-52005 affects Git via ANSI escape sequence injections in the sideband channel. A PoC demonstrates exploitation; affected versions include pre-2.48.1, 2.47.3, 2.46.5, 2.45.4, and 2.44.3. Impacts include hiding/misrepresenting output, fake security prompts, social‑engineering payloads, and...
Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
SUSE-SU-2023:2668-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script bsc1206337...
Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
OESA-2022-2146 sqlite security update
Security Fixes: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908...
SQLite through 3.40.0 when relying on --safe for execution of an untrusted CLI script does not properly implement the azProhibitedFunctions protection mechanism and instead allows UDF functions such as WRITEFILE.
CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...
Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
Cross-site Scripting (XSS) - Stored in jspark311/buriedunderthenoisefloor
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Script Src Integrity Check
The remote host may be vulnerable to payment entry data exfiltration due to JavaScript included from potentially untrusted and unverified third-party script src. If the host is controlled by a 3rd party, ensure that the 3rd party is PCI DSS compliant.
Design/Logic Flaw
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
CVE-2017-6250
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
CVE-2017-6250
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
CVE-2017-6250
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
CVE-2017-6250
CVE-2017-6250 affects NVIDIA GeForce Experience, specifically the NVIDIA Web Helper.exe component. The issue permits local code execution through untrusted script execution, per the CVSS3 base metrics (High impact on confidentiality, integrity, and availability; local attack vector with low compl...
Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe (repackaged Node.js)
Vulnerability Details: The following section summarizes the vulnerability and CVSS risk assessment. CVE-2017-6250: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code...