EUVD-2022-49147
Malicious code in bioql PyPI...
[SECURITY] Fedora 40 Update: perl-Net-OAuth-0.30-1.fc40
Perl implementation of OAuth, an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. In practical terms, a mechanism for a Consumer to request protected resources from a Service Provider on behalf of a user...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update ...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
ALSA-2024:3959 Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...
Rocky Linux 9 : flatpak (RLSA-2023:6518)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6518 advisory. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and...
CVE-2023-44402
CVE-2023-44402 concerns Electron where ASAR integrity checks can be bypassed when embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled on macOS. The issue requires an attacker with write access to the app’s filesystem (e.g., the .app bundle) to exploit, potentially allowing l...
Oracle Linux 8 : flatpak (ELSA-2023-7038)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7038 advisory. 1.10.8-1 - Rebase to 1.10.8 2222103 - Fix CVE-2023-28100 and CVE-2023-28101 2180311 Tenable has extracted the preceding description block directly from...
Electron_Shell - Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron's Features For Command Injection And Combining It With Remote Control Methods
Electronshell: Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods. Read More: AOH 024: Exploring the Automated Implementation of Parasitizing a Shell in Electron Programs. Features: Supports almost all operating systems (mac, linux, windows). Supports almost...
CVE-2023-39956
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...
CVE-2023-23623
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...
CVE-2023-23623
The CVE-2023-23623 issue is in Electron where a Content-Security-Policy that disables eval (script-src without unsafe-eval) is not respected in renderers with sandbox: false. Affected are Electron 22 and 23 series; the vulnerability can allow unintended use of eval() or new Function, expanding th...
CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
CVE-2023-39956
CVE-2023-39956 affects Electron: out-of-package code execution when an Electron app is launched as a command-line executable with an attacker-controlled working directory and the ability to write files there. Impact is described as low risk by threat-models, but higher due to bypassing protection...
CVE-2023-39956 Electron: Out-of-package code execution when launched with arbitrary cwd
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...
Electron Code Issues Vulnerabilities
Electron is a JavaScript framework for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A code issue vulnerability exists in Electron. An attacker can...
Fedora: Security Advisory for flatpak (FEDORA-2023-9fbc701e0d)
The remote host is missing an update for the...