Advisories

Summary: Product Obsidian Vendor Obsidian Severity High Affected Versions Obsidian < 1.2.8 Tested Versions Obsidian 1.1.16 CVE Identifier CVE-2023-2110 CVE Description Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via “app://local/<absolute-path>”. This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian....

Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.6.7 Tested Versions Typora for Windows 1.5.12, Typora for Linux 1.5.10 CVE Identifier CVE-2023-2316 CVE Description Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/<absolute-path>”....

Summary: Product Typora Vendor Typora Severity High Affected Versions Typora for Windows/Linux < 1.6.7 Tested Versions Typora for Windows 1.5.12, Typora for Linux 1.5.10 CVE Identifier CVE-2023-2317 CVE Description DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading “typora://app/typemark/updater/update....

Summary: Product MarkText Vendor MarkText Severity High Affected Versions MarkText <= 0.17.1 Tested Versions MarkText 0.17.1 CVE Identifier CVE-2023-2318 CVE Description DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText....

Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.7.0-dev Tested Versions Typora for Windows 1.6.7, Typora for Linux 1.6.6 CVE Identifier CVE-2023-2971 CVE Description Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/typemark/”....

Summary Product Razer CentralService Vendor Razer Severity High - Adversaries may exploit software vulnerabilities to obtain privilege escalation. Affected Versions Razer Central 7.11.0.558 and below Tested Versions Razer Central 7.8.0.381 to 7.11.0.558 CVE Identifier CVE-2023-3513 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) low User Interaction (UI) None Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Razer Synapse 3 is a software suite developed by Razer, a leading gaming hardware manufacturer....

Summary Product Razer CentralService Vendor Razer Severity High - Adversaries may exploit software vulnerabilities to obtain privilege escalation. Affected Versions Razer Central 7.11.0.558 and below Tested Versions Razer Central 7.8.0.381 to 7.11.0.558 CVE Identifier CVE-2023-3514 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) low User Interaction (UI) None Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Razer Synapse 3 is a software suite developed by Razer, a leading gaming hardware manufacturer....