EUVD-2023-32624

Malicious code in bioql PyPI...

GHSA-G9F5-X53J-H563 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details The GitHub CLI and CLI...

USN-5549-1: Django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

USN-5549-1 python-django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

CVE-2021-36334

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine...

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as internal network hosts, and services running on the user's local machine, could have been probed by a malicious webpage...

Mozilla: Internal network hosts could have been probed by a malicious webpage

The Mozilla Foundation Security Advisory describes this flaw as: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine...

UBUNTU-CVE-2019-11249

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVE-2019-11249

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVE-2019-11246

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

LinkedIn IE工具栏IEContextMenu控件远程溢出漏洞

BUGTRAQ ID: 25032 LinkedIn是一个联网工具，帮助用户在线寻找各类工作或业务联系人。 LinkedIn的IEToolbar.IEContextMenu.1 ActiveX控件实现上存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户机器。 LinkedIn工具栏的IEToolbar.IEContextMenu.1（LinkedInIEToolbar.dll）控件在处理Search方式时将VARIANT用作了varBrowser参数，如果用户受骗访问了恶意网页的话就可能触发缓冲区溢出，导致在用户浏览器会话中执行任意指令。 LinkedIn IE Toolbar...

Mozilla Firefox JavaScript窃取键盘动作漏洞

Mozilla Firefox是一款流行的开源WEB浏览器。 Firefox在处理用户文件上传时存在漏洞，远程恶意网站可能利用此漏洞非授权获取用户机器上的文件。 在所有现代的浏览器中用于向远程服务器上传用户指定文件的INPUT TYPE=FILE表单字段都受到了额外的保护，以防止脚本随意的选择将要发送的文件，或未经用户确认自动提交表单。例如，无法设置或更改.value参数，任何对.type的更改都会重置字段的内容。 但Firefox允许恶意脚本将精心选择的用户键盘动作重新定向到隐藏的文件上传字段，以构建特殊的文件名，然后提交表单。...

Microsoft Visual C++ (.RC)资源文件远程栈溢出漏洞

Microsoft Visual C++是基于Windows平台的C++编译器。 Microsoft Visual C++资源编译器RCDLL.DLL模块的MSDEV.EXE进程在处理.rc资源文件时存在栈溢出漏洞，远程攻击者可能利用此漏洞通过诱骗用户打开恶意资源文件来控制用户机器。 在处理类似于以下的文件名字段时： 1 TYPELIB MOVEABLE PURE "FilePath01"...

Apple Quicktime RTSP畸形URL处理缓冲区溢出漏洞

Apple QuickTime是一款流行的多媒体播放器，支持多种媒体格式。 Apple QuickTime在处理畸形的RTSP协议URL时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞在用户机器上执行任意指令。 Apple QuickTime在处理带超长“src”参数的RTSP协议的URL串时存在栈缓冲区溢出漏洞，远程攻击者可以通过构造类似“rtsp://any character:256 bytes”的URL串诱使用户点击，系统调用QuickTime处理时导致溢出发生，执行攻击者的任意指令。 Apple QuickTime Player 7.x 临时解决方法：...