Malicious code in jfrog-docker-desktop-extension (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b2db670bc2926b7aa07755c4117f98356231c45c33e8855fdd90de133d0e2e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...

SUSE CVE-2016-5605

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE...

Command injection

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...

CVE-2017-14604

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...

CVE-2017-14604

GNOME Nautilus before 3.23.90 is vulnerable to spoofing a file type via the .desktop extension, allowing a .desktop file (e.g., named as something.pdf) whose Exec launches a malicious command to be displayed as a safe document. The attack depends on the file having execute permissions, and Nautil...

GNOME Nautilus File Type Spoofing Vulnerability

GNOME Nautilus is a file manager for the GNOME desktop environment. A security vulnerability exists in GNOME Nautilus versions prior to 3.23.90. An attacker can exploit this vulnerability by spoofing file types using the .desktop file extension...

CVE-2016-5605

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE...

Oracle VirtualBox VRDE Privilege Escalation Vulnerability - Mac OS X

Oracle VirtualBox is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oracle VirtualBox VRDE Privilege Escalation Vulnerability - Windows

Oracle VirtualBox is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU)

The version of the Oracle VM VirtualBox application installed on the remote host is 5.0.x prior to 5.0.28 or 5.1.x prior to 5.1.8. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to gain elevated...

[SECURITY] Fedora 10 Update: mugshot-1.2.2-11.fc10

Mugshot works with the server at mugshot.org to extend the panel, web browser, music player and other parts of the desktop with a "live social experience" and interoperation with online services you and your friends use. It's fun and easy...