9 matches found
VulnCheck KEV: CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
CVE-2024-10929 Spectre-BSE
In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 revisions before r1p0, Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history...
gnome-shell: code execution in portal helper
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
Cross-Site Scripting (XSS)
dash-core-components are vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of the href attribute of the tag when the href attribute is controlled by an adversary. This allows an attacker to steal data that is visible to another user who opens a view...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
GHSA-8R6J-V8PM-FQW3 Code injection in fsevents
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular...
Getting Better Together in Cybersecurity
As the wheels lift up on my latest flight I am left reflecting on another year in infosec. We are moving toward “something” and some days I can’t figure out if that something is disaster or safety. The tea leaves become hard to read with the cyber war that has been raging over into the mainstream...