215 matches found
Buffer Overflow
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Buffer Overflow in the Buffer API. An attacker can cause application crashes or trigger incorrect memory allocations by...
[SECURITY] Fedora 42 Update: flatpak-1.16.6-1.fc42
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information...
EUVD-2011-2581
Malware in sbrugna...
EUVD-2024-41413
Malicious code in bioql PyPI...
EUVD-2022-49147
Malicious code in bioql PyPI...
CVE-2024-46992 Electron ASAR Integrity bypass by just modifying the content
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the...
Important: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
[SECURITY] Fedora 40 Update: perl-Net-OAuth-0.30-1.fc40
Perl implementation of OAuth, an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. In practical terms, a mechanism for a Consumer to request protected resources from a Service Provider on behalf of a user...
Security update for gtk3
This update for gtk3 fixes the following issues: CVE-2024-6655: Fixed library injection from current working directory bsc1228120. Other fixes: - Updated to version 3.24.43 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for libgsf
This update for libgsf fixes the following issues: CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation bsc1231282, bsc1231283. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update ...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
ALSA-2024:3959 Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: sandbox escape via RequestBackground portal CVE-2024-32462 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...
Rocky Linux 9 : flatpak (RLSA-2023:6518)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6518 advisory. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and...
CentOS 9 : flatpak-1.12.8-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the flatpak-1.12.8-1.el9 build changelog. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8,...
CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...
CVE-2023-44402
CVE-2023-44402 concerns Electron where ASAR integrity checks can be bypassed when embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled on macOS. The issue requires an attacker with write access to the app’s filesystem (e.g., the .app bundle) to exploit, potentially allowing l...