Lucene search
K

222 matches found

RedHat Linux
RedHat Linux
added 2023/09/04 3:52 p.m.10 views

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

4.3CVSS7.1AI score0.00495EPSS
Exploits0References5
Prion
Prion
added 2023/08/10 2:15 a.m.22 views

Authorization

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication...

2.1CVSS4.6AI score0.00204EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.3 views

SAMSUNG Internet Security Breach

SAMSUNG Internet is a cell phone application from Samsung South Korea. It provides a browser function. A security vulnerability exists in SAMSUNG Internet version 22.0.0.35, which stems from an improper authorization vulnerability that allows a physical attacker to access downloaded files in a...

4.6CVSS6.4AI score0.00204EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/07/25 12:0 a.m.6 views

The vulnerability of Mozilla Firefox’s full-screen notifications allows attackers to perform spoofing attacks.

The vulnerability of Mozilla Firefox’s full-screen notifications is related to the absence of warnings about dangerous actions when loading pop-up windows for downloaded files. Exploiting this vulnerability can allow a remote attacker to carry out spoofing attacks...

7.8CVSS6.8AI score0.00515EPSS
Exploits0References9Affected Software13
OSV
OSV
added 2023/07/24 2:15 p.m.6 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

8.8CVSS5.8AI score0.00859EPSS
Exploits1References2
OSV
OSV
added 2023/06/02 5:15 p.m.4 views

DEBIAN-CVE-2023-25729

Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already...

8.8CVSS7.9AI score0.00681EPSS
Exploits0References1
OSV
OSV
added 2023/05/08 8:15 p.m.3 views

CVE-2023-27943

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied...

5.5CVSS6.7AI score0.00277EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/04/14 1:50 p.m.4 views

Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/14 1:44 p.m.4 views

Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/14 1:42 p.m.4 views

Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/04/03 12:0 a.m.7 views

The vulnerability in the full-screen notification mode of the Mozilla Firefox browser on Android operating systems allows a hacker to perform spoofing attacks.

The vulnerability in the full-screen notification mode of the Mozilla Firefox browser on Android operating systems relates to the absence of warnings about dangerous actions when loading pop-up windows for downloaded files. Exploiting this vulnerability allows a remote attacker to carry out...

7.6CVSS6.5AI score0.00348EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/29 7:15 p.m.20 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...

5.8CVSS8.6AI score0.00339EPSS
Exploits1References2Affected Software24
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.4 views

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS, which arises from the possibility that files download...

5.5CVSS6.6AI score0.00277EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/03/27 12:0 a.m.6 views

The vulnerability in the implementation of Google Chrome’s browser extension programming interface allows a perpetrator to circumvent security restrictions.

The vulnerability of Google Chrome’s application programming interface extensions is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by downloading specially created extensions...

5CVSS5.8AI score0.00332EPSS
Exploits0References11Affected Software5
RedHat Linux
RedHat Linux
added 2023/02/20 12:15 p.m.3 views

Mozilla: Extensions could have opened external schemes without user knowledge

The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...

8.8CVSS7.3AI score0.00681EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/02/20 8:35 a.m.3 views

Mozilla: Extensions could have opened external schemes without user knowledge

The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...

8.8CVSS7.3AI score0.00681EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.4 views

SUSE CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

5.8CVSS6.6AI score0.0205EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:31 a.m.2 views

SUSE CVE-2014-1480

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site...

4.3CVSS8.4AI score0.02683EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.3 views

SUSE CVE-2019-5774

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file...

8.8CVSS9AI score0.01511EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.3 views

SUSE CVE-2021-38510

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox 94, Thunderbird...

6.1CVSS8.6AI score0.00999EPSS
Exploits0References11
Rows per page
Query Builder