480 matches found

CNNVD
added 2025/04/15 12:0 a.m. | 1 views

NATS-Server Security Vulnerability

Nats-Server is a high-performance server open-sourced by Nats for Nats.io, cloud and edge native messaging systems. A security vulnerability exists in NATS-Server versions prior to 2.2.0 through 2.10.27 and prior to 2.11.1, which stems from a lack of access control for JS API requests and could...

CVSS: 9.6 | AI score: 8 | EPSS: 0.00029
Exploits: 0 | References: 2

Packet Storm
added 2024/11/14 12:0 a.m. | 426 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET [1]. According to the vendor [2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

AI score: 7.4
Exploits: 0

Packet Storm
added 2024/11/13 12:0 a.m. | 302 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET [1]. According to the vendor [2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2024/10/21 12:0 a.m. | 14 views

Adobe Acrobat < 11.0.17 / 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 11.0.17, 15.006.30198, or 15.017.20050. It is, therefore, affected by multiple vulnerabilities. - Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic...

CVSS: 10 | AI score: 9.3 | EPSS: 0.24039
Exploits: 21 | References: 39

Tenable Nessus
added 2024/10/21 12:0 a.m. | 15 views

Adobe Reader < 15.006.30198 / 15.017.20050 Multiple Vulnerabilities (APSB16-26) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 15.006.30198 or 15.017.20050. It is, therefore, affected by multiple vulnerabilities. - Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before...

CVSS: 10 | AI score: 9.2 | EPSS: 0.24039
Exploits: 21 | References: 39

OSV
added 2024/09/18 7:20 a.m. | 9 views

BIT-MATTERMOST-2024-39772

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality, which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

CVSS: 5.3 | AI score: 4.6 | EPSS: 0.00356
Exploits: 0 | References: 1

CNNVD
added 2024/09/16 12:0 a.m. | 1 views

Mattermost Desktop App Security Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.8.0 and prior versions, which stems from a failure to protect the screen capture functionality. An attacker can exploit the vulnerability to silently...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00356
Exploits: 0 | References: 2

Cvelist
added 2024/05/13 2:24 p.m. | 33 views

CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00162
Exploits: 1 | References: 3

Tenable Nessus
added 2024/01/22 12:0 a.m. | 104 views

Foxit PDF Editor < 11.2.8 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.8. It is, therefore, affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D...

CVSS: 8.8 | AI score: 7 | EPSS: 0.02212
Exploits: 5 | References: 30

OpenVAS
added 2023/12/26 12:0 a.m. | 16 views

XWiki 6.3 < 14.10.15, 15.x < 15.5.1 Information Disclosure Vulnerability (GHSA-7fqr-97j7-jgf4)

XWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.69186
Exploits: 0 | References: 1

NVD
added 2023/12/05 3:15 a.m. | 9 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS: 7.5 | EPSS: 0.00291
Exploits: 0 | References: 1

OSV
added 2023/12/05 3:15 a.m. | 0 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00291
Exploits: 0 | References: 1

NVD
added 2023/12/05 3:15 a.m. | 17 views

CVE-2023-42580

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

CVSS: 9.8 | EPSS: 0.00365
Exploits: 0 | References: 1

Prion
added 2023/12/05 3:15 a.m. | 10 views

Input validation

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS: 5 | AI score: 7.3 | EPSS: 0.00291
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/12/05 3:15 a.m. | 13 views

Input validation

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00365
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/12/05 2:44 a.m. | 12 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00291
Exploits: 0 | References: 1

CVE
added 2023/12/05 2:44 a.m. | 37 views

CVE-2023-42581

CVE-2023-42581 affects Samsung Galaxy Store’s InstantPlay deeplink. The issue is improper URL validation in the deeplink handling, enabling a JavaScript API to access data and potentially execute code. Public docs point to vulnerable versions prior to 4.5.64.4. ZDI notes remote code execution wit...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00291
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/12/05 2:44 a.m. | 15 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00291
Exploits: 0 | References: 1

Cvelist
added 2023/12/05 2:44 a.m. | 12 views

CVE-2023-42580

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.00365
Exploits: 0 | References: 1

CVE
added 2023/12/05 2:44 a.m. | 41 views

CVE-2023-42580

CVE-2023-42580 describes improper URL validation in Samsung Galaxy Store’s MCSLaunch deeplink, allowing a JavaScript API to install APKs from Galaxy Store. Affected: Galaxy Store versions before 4.5.64.4. Root cause: URL validation flaw in the deeplink handling. Impact: potential remote code/inst...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.00365
Exploits: 0 | References: 1 | Affected Software: 1