9293 matches found
Medium: gnome-shell
Issue Overview: In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to...
"Shonen Jump+" App for Android fails to restrict custom URL schemes properly
Overview: "Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly (CWE-939), which may be exploited to direct the App to access any sites. Toshiki Iwasaki of Mitsui Buss...
CVE-2023-41866
Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic YouTube Gallery: from n/a through 2.3.3...
WordPress plugin Automatic YouTube Gallery security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t...
PT-2024-9661
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 131.0.6778.139; Chromium versions prior to 131.0.6778.139. Description: A type confusion issue exists in the V8 JavaScript engine component of Google Chrome and Chromium. This issue could allow a remote attacker to...
Malicious code in auto-cancel-redundant-job (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 101f645ee53d82a1431bda0a23c718a688c58f23d0537c0da9ff38901d46a92c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROS-20241203-07
Nextcloud mail client vulnerability is related to incorrect automatic configuration. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality Nextcloud mail client vulnerability is related to insufficient access control. Exploitation of the...
MAL-2024-11094 Malicious code in shopee-ui-automatic-import-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e30109d0ce569668c54f7d030ae4d33fd3858572a05996c3a53877d48629ef8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin Auto internal links (100% automatic) SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
SUSE-SU-2024:4054-1 Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues: xmlgraphics-fop was updated from version 2.8 to 2.10: - Security issues fixed: CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc1231428) -...
The vulnerability of the Automatic ConfigProvider component of the Apache Kafka messaging broker allows a hacker to disclose protected information.
The vulnerability of the Automatic ConfigProvider component in the Apache Kafka messaging broker is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information that should be protected...
PT-2024-40311 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises from the rand::time function in SurrealQL, which can potentially return None and cause a panic when unwrap is called, leading to a denial of service. An authorized client can mak...
Update now! Apple confirms vulnerabilities are already being exploited
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make su...
Fedora 37 : golang-github-docker-distribution (2022-21aa9bae12)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-21aa9bae12 advisory. Automatic update for golang-github-docker-distribution-2.8.1-2.20220821gitbc6b745.fc37. Changelog Sun Aug 21 2022 Robert-André Mauchin 2.8.1-2 - Upda...
Fedora 37 : golang-cloud-google (2022-6e5bcf2979)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6e5bcf2979 advisory. Automatic update for golang-cloud-google-0.103.0-2.fc37. Changelog Wed Aug 3 2022 Robert-André Mauchin 0.103.0-2 - Fix tests on other arches Mon Aug ...
Fedora 38 : python3.6 (2022-3bc8e7f017)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3bc8e7f017 advisory. Automatic update for python3.6-3.6.15-13.fc38. Changelog Wed Oct 5 2022 Victor Stinner - 3.6.15-13 - Prevent denial of service (DoS) by very large integers...
Fedora 37 : python3.9 (2022-68134abd68)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-68134abd68 advisory. Automatic update for python3.9-3.9.13-2.fc37. Changelog Thu Jun 9 2022 Charalampos Stratakis - 3.9.13-2 - Security fix for CVE-2015-20107 Resolves: rhbz20753...
Fedora 38 : pypy3.9 (2022-7936d4cf83)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-7936d4cf83 advisory. Automatic update for pypy3.9-7.3.9-4.3.9.fc38. Changelog Mon Oct 10 2022 Lumír Balhar - 7.3.9-4.3.9 - Backport fix for CVE-2021-28861 Resolves: rhbz2120789...
Fedora 37 : gopass (2022-dcb748c00d)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-dcb748c00d advisory. Automatic update for gopass-1.14.0-2.fc37. Changelog Wed Apr 20 2022 laiot 1.14.0-1 - Updated package version to 1.14.0 Sat Apr 16 2022 Fabio Alessandro Loca...