Lucene search
+L

227 matches found

RedHat Linux
RedHat Linux
added 2024/11/12 9:8 a.m.6 views

gnome-shell: code execution in portal helper

A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.6 views

PT-2024-33413 · Infomaniak · Vod Infomaniak

Name of the Vulnerable Software and Affected Versions: VOD Infomaniak versions 1.5.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on the affected system. This problem affects VOD Infomaniak, allowin...

8.8CVSS7.2AI score0.00186EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/09/03 12:32 p.m.18 views

CVE-2024-8383

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...

7.7AI score0.00637EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/08/13 3:31 p.m.5 views

gnome-shell: code execution in portal helper

A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References5
OSV
OSV
added 2024/07/30 12:7 a.m.12 views

SUSE-SU-2024:2618-1 Security update for gnome-shell

This update for gnome-shell fixes the following issues: - CVE-2024-36472: Fixed portal helper automatically launched without user confirmation bsc1225567...

6.5CVSS6.5AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2024/07/09 10:15 p.m.45 views

CVE-2024-36676

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...

7.5CVSS0.00646EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/09 12:0 a.m.14 views

CVE-2024-36676

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...

6.9AI score0.00646EPSS
Exploits0References3
CVE
CVE
added 2024/07/09 12:0 a.m.232 views

CVE-2024-36676

The CVE-2024-36676 entry concerns BookStack prior to v24.05.1, where an incorrect access control flaw allows an attacker to confirm existing system users and trigger a targeted notification email DoS via public-facing forms. The vulnerability is documented in multiple sources (e.g., BookStack rel...

7.5CVSS7AI score0.00646EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/18 12:0 a.m.24 views

GLSA-202402-20 : Thunar: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202402-20 Thunar: Arbitrary Code Execution - An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program based on the fi...

9.8CVSS8.5AI score0.03101EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.10 views

Mozilla Firefox Input Validation Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an input validation error vulnerability that stems from the fact that QR Code Scanner does not display a user-confirmed URL before opening a website, potentially directing...

6.1CVSS6.6AI score0.00305EPSS
Exploits1References3
Prion
Prion
added 2024/01/23 6:15 p.m.16 views

Default configuration

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

5CVSS7AI score0.00474EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/01/23 5:22 p.m.37 views

CVE-2024-23330 Tuta loads images from external resources

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

5.3CVSS5.4AI score0.00474EPSS
Exploits1References1
OSV
OSV
added 2024/01/23 5:22 p.m.6 views

CVE-2024-23330 Tuta loads images from external resources

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

5.3CVSS6.7AI score0.00474EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.7 views

PT-2024-1122

Name of the Vulnerable Software and Affected Versions: Microsoft Bluetooth Driver affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in the Microsoft Bluetooth Driver. It allows a remote attacker to conduct spoofi...

6.1CVSS7.1AI score0.0583EPSS
Exploits3References20
NVD
NVD
added 2023/10/30 6:15 p.m.34 views

CVE-2023-21387

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

4.4CVSS4.2AI score0.00102EPSS
Exploits0References1
Prion
Prion
added 2023/10/30 6:15 p.m.22 views

Information disclosure

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

1.4CVSS4.8AI score0.00102EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/30 5:1 p.m.17 views

CVE-2023-21387

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2023/07/13 1:15 a.m.26 views

CVE-2023-21260

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation...

5.5CVSS0.00074EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/13 12:1 a.m.29 views

CVE-2023-21260

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation...

5.8AI score0.00074EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.2 views

CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...

4.3CVSS5.9AI score0.00384EPSS
Exploits0References3
Rows per page
Query Builder