20 matches found
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the ACP permission resolution process. An attacker can bypass security prompting by providing conflicting tool identity hints in rawInput and metadata, which c...
EUVD-2016-7611
Malware in sbrugna...
Mozilla Thunderbird < 115.14
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-38 advisory. - Unexpected marking work at the start of sweeping could have led to a use-after-free. CVE-2024-7527 -...
Security Vulnerabilities fixed in Firefox ESR 128.1 — Mozilla
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....
Security Vulnerabilities fixed in Thunderbird 115.14 — Mozilla
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handling could have led to a use-after-free. Editor code failed to check an attribute value. This cou...
CVE-2024-40834
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2024-27792
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data...
CVE-2024-3098
A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...
SUSE CVE-2010-4579
Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog...
Threat Actors Eyeing IQY Files To Peddle Malspam
More threat actors are pushing weaponized Excel web query IQY files to deliver malicious code – as seen in recent campaigns by several major malspam distributors. Researchers at IBM X-Force this week disclosed that both the Necurs Botnet, as well as DarkHydrus and the threat actor behind the Mara...
CVE-2016-6708
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
CVE-2016-6708
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
Privilege escalation
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
UBUNTU-CVE-2016-6708
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
CVE-2016-6708
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
CVE-2016-6708
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
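Microsoft IE Uninitialized Memory Remote Code Execution Vulnerability (MS10-035)
BUGTRAQ ID: 40410 CVE ID: CVE-2010-1259 Internet Explorer is the web browser bundled by default with the Windows operating system. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized. An attacker could exploit the vulnerability by constructing a specially crafted web page; when a user views the page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the affected system. Microsoft Internet Explorer 8.0 Microsoft Internet Explor...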
Windows Telnet credential reflection
Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...
RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
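Tencent QQ QQzone WebCtrl ActiveX Null Pointer Dereference Vulnerability
QQ is an IM application developed by Tencent, with a very large user base in China. axis of 幻影旅团 discovered an ActiveX vulnerability in QQZone. When the WebCtrl method is used, a null pointer is dereferenced, causing IE to crash. Because this ActiveX control is not marked as safe, a security prompt appears. In \Tencent\QQ\QZone\TWebCtrl.dll, using the Navigate method causes a null pointer dereference 051024C0 8B4424 04 MOV EAX,DWORD PTR SS:ESP+4 051024C4 8B5424 08 MOV EDX,DWORD PTR SS:ESP+8 051024C8 6A 00 PUSH...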