790 matches found
KLA78978 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution...
[SECURITY] Fedora 40 Update: python3.9-3.9.21-1.fc40
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
KLA78026 ACE vulnerability in Microsoft Developer Tools
A remote code vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2024-49063 Related products Microsoft-Dynamics-365 CVE list CVE-2024-49063 high Solution Install necessary updates from the KB...
KLA77107 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET and Visual Studio...
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific...
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...
KLA73906 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual C++...
CVE-2024-7259 Ovirt-engine: potential exposure of cleartext provider passwords via web ui
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext...
CVE-2024-7259
The CVE-2024-7259 entry covers a vulnerability in oVirt-engine where an administrator (including ReadOnlyAdmin) can view provider credentials in cleartext via browser developer tools. Affected product: oVirt-engine (as described in CVE context); root cause: exposure of provider passwords via the ...
PT-2024-38216 · Ovirt · Ovirt
Name of the Vulnerable Software and Affected Versions: oVirt affected versions not specified Description: A flaw was found in oVirt, allowing a user with administrator privileges, including those with the ReadOnlyAdmin permission, to potentially view Provider passwords in cleartext using browser...
oVirt Node 安全漏洞
oVirt Node is an open source virtualization management platform. A security vulnerability exists in oVirt Node that stems from the fact that a user with administrator privileges may be able to view provider passwords in plaintext using browser developer tools...
RHSA-2023:1064 Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
Bulletin has no description...
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...
KLA71478 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET and Visua...
CVE-2024-6612
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6612
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6612
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6612
CVE-2024-6612 describes a CSP violation leakage in devtools that caused DNS prefetching to reveal the CSP violation. Credible sources in the provided connected documents show impact on Mozilla Firefox and Thunderbird when running versions older than 128. The vulnerability is an information disclo...