5745 matches found
MAL-2023-8698 Malicious code in css-hell (npm)
Source: ghsa-malware add41af1a627bb97a8a95ccab38f262f0d07cd937276bb7b10b01d01f4a4478d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in css-hell (npm)
Source: ghsa-malware add41af1a627bb97a8a95ccab38f262f0d07cd937276bb7b10b01d01f4a4478d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Impact: @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.2. Workarounds: None. References: N/A...
Google Chrome < 120.0.6099.110 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.110. It is, therefore, affected by multiple vulnerabilities as referenced in the 202312stable-channel-update-for-desktop12 advisory. - Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a...
Adobe css-tools Input Validation Error Vulnerability
Adobe css-tools is a CSS parser/string generator for Node.js from Adobe USA. An input validation error vulnerability exists in adobe css-tools version 4.3.1 and earlier, which stems from being affected by incorrect input validation and may result in a denial of service when attempting to parse CS...
Fedora 39 : chromium (2023-1fe02ca797)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1fe02ca797 advisory. update to 120.0.6099.109 - High CVE-2023-6702: Type Confusion in V8 - High CVE-2023-6703: Use after free in Blink - High CVE-2023-6704: Use after fr...
Google Chrome < 120.0.6099.109 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 202312stable-channel-update-for-desktop12 advisory. - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a...
FreeBSD : chromium -- multiple security fixes (502c9f72-99b3-11ee-86bb-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 502c9f72-99b3-11ee-86bb-a8a1599412c6 advisory. - Type Confusion in V8. CVE-2023-6702 - Use after free in Blink. CVE-2023-6703 - Use after fre...
Google Chrome < 120.0.6099.109 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 120.0.6099.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 202312stable-channel-update-for-desktop12 advisory. - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 9 security fixes: 1501326 High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10 1502102 High CVE-2023-6703: Use after free in Blink. Reported by Cassidy...
Cross site scripting
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...
CVE-2023-44402
CVE-2023-44402 concerns Electron where ASAR integrity checks can be bypassed when embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled on macOS. The issue requires an attacker with write access to the app’s filesystem (e.g., the .app bundle) to exploit, potentially allowing l...
Regular Expression Denial Of Service (ReDoS)
@adobe/css-tools is vulnerable to Denial Of Service. The vulnerability is due to exponential regex backtracking when parsing CSS in the parse method of src/parse/index.ts, which can result in Denial of Service...
Vulnerability in css-tools, a CSS parser for Node.js, caused by insufficient validation of input data, allowing attackers to trigger a service failure.
The vulnerability in css-tools, a CSS parser for Node.js, is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to cause service failures...
@bitfoot/theme-ngx-globular (>=0.1.1 <=0.1.15), @dashkite/genie-pug (>=0.1.0 <=0.7.14) +43 more potentially affected by CVE-2023-48631 via @adobe/css-tools (>=4.2.0 <=4.3.1)
@adobe/css-tools NPM version =4.2.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.26, =3.2.0, =3.1.0, =0.1.0, =0.0.1, =0.0.3, =7.5.3, =0.1.0, =0.1.7 and more Source cves: CVE-2023-48631 Source advisory: OSV:GHSA-PRR3-C3M5-P7Q2...
GHSA-PRR3-C3M5-P7Q2 @adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Impact: @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.2. Workarounds: None. References: N/A...
Apache Superset Information Disclosure Vulnerability (CNVD-2024-0681549)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 2.1.2, which can be exploited by an authenticated attacker to read configured CSS templates and comments...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in PostCSS
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of PostCSS. Vulnerability Details: CVEID: CVE-2023-44270. DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Broken Access Control
Software: Export WP Page to Static HTML/CSS; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6369; Patch priority: Low; CVSS severity: Low 5.4; PSID: fad061a3db6e; Credits: Alex Thomas...