227 matches found
gnome-shell: code execution in portal helper
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
PT-2024-33413 · Infomaniak · Vod Infomaniak
Name of the Vulnerable Software and Affected Versions: VOD Infomaniak versions 1.5.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on the affected system. This problem affects VOD Infomaniak, allowin...
CVE-2024-8383
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...
gnome-shell: code execution in portal helper
A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...
SUSE-SU-2024:2618-1 Security update for gnome-shell
This update for gnome-shell fixes the following issues: - CVE-2024-36472: Fixed portal helper automatically launched without user confirmation bsc1225567...
CVE-2024-36676
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
CVE-2024-36676
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
CVE-2024-36676
The CVE-2024-36676 entry concerns BookStack prior to v24.05.1, where an incorrect access control flaw allows an attacker to confirm existing system users and trigger a targeted notification email DoS via public-facing forms. The vulnerability is documented in multiple sources (e.g., BookStack rel...
GLSA-202402-20 : Thunar: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202402-20 Thunar: Arbitrary Code Execution - An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program based on the fi...
Mozilla Firefox Input Validation Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an input validation error vulnerability that stems from the fact that QR Code Scanner does not display a user-confirmed URL before opening a website, potentially directing...
Default configuration
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2024-23330 Tuta loads images from external resources
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2024-23330 Tuta loads images from external resources
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
PT-2024-1122
Name of the Vulnerable Software and Affected Versions: Microsoft Bluetooth Driver affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in the Microsoft Bluetooth Driver. It allows a remote attacker to conduct spoofi...
CVE-2023-21387
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
Information disclosure
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21387
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21260
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation...
CVE-2023-21260
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation...
CVE-2023-25749
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...