CVE-2023-4581

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

Exploit for Code Injection in Apache Commons_Text

Quickstart bash sudo apt install golang To run like...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Oracle Linux 6 : glibc (ELSA-2011-1526)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1526 advisory. - Report write error in addmnt even for cached streams 688980, CVE-2011-1089 Tenable has extracted the preceding description block directly from the...

PT-2023-25852 · Atera · Atera

Name of the Vulnerable Software and Affected Versions: Atera affected versions not specified Description: The issue arises from the C:WindowsTempAgent.Package.AvailabilityAgent.Package.Availability.exe file being automatically launched as SYSTEM when the system reboots. Since the...

CVE-2023-32162

Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on...

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

Mozilla: XLL file extensions were downloadable without warnings

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

CVE-2023-31169

An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...

GHSA-95RP-6GQP-6622 Command Injection Vulnerability in find-exec

Older versions of the package are vulnerable to Command Injection as an attacker controlled parameter. As a result, attackers may run malicious commands. For example: const find = require"find-exec"; find"mplayer; touch hacked" This creates a file named "hacked" on the filesystem. You should neve...

GitPython untrusted search path on Windows systems leading to arbitrary code execution

Summary When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment see big warning in https://docs.python.org/3/library/subprocess.htmlpopen-constructor. GitPython defaults to use the git command, if a user runs GitPython from a repo has a...

GHSA-WFM5-V35H-VWF4 GitPython untrusted search path on Windows systems leading to arbitrary code execution

Summary When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment see big warning in https://docs.python.org/3/library/subprocess.htmlpopen-constructor. GitPython defaults to use the git command, if a user runs GitPython from a repo has a...

CVE-2023-40590

A flaw was found in Python/Windows. When resolving a program, it looks for the current working directory followed by the PATH environment. GitPython defaults to use the git command if a user runs GitPython from a repo, has a git.exe, or git executable, that program will run instead of the one in...

Security Vulnerabilities fixed in Firefox 117 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

CVE-2023-40590

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...