46 matches found
AppImage Vim loads libc.so.6 from pwd
Description The appimage distribution of vim loads libc.so.6 from the current directory of the user. An attacker with control of files in a directory where the user uses vim could execute arbritrary code. Proof of Concept Proof of concept will use a malicious libc.so.6 generated with below patch ...
Kraken - A Multi-Platform Distributed Brute-Force Password Cracking System
Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator based cracking across multiple machines both as a web app in a web browser and as a standalone electron based client. Kraken aims to be easy to use, fault tolera...
Security update for firejail (important)
openSUSE Security Update: Security update for firejail Announcement ID: openSUSE-SU-2022:0037-1 Rating: important References: 1195880 Affected Products: openSUSE Backports SLE-15-SP3 An update that contains security fixes can now be installed. Description: This update for firejail fixes the...
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
An unpatched stored cross-site-scripting XSS security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, K...
CVE-2020-25266
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
CVE-2020-25266
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
DEBIAN-CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
Design/Logic Flaw
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
CVE-2020-25266
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
Path traversal
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
UBUNTU-CVE-2020-25266
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
UBUNTU-CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
CVE-2020-25266
Summary (CVE-2020-25266) : The vulnerability affects AppImage: libappimage? actually AppImage’s appimaged before version 1.0.3. The issue is that appimaged does not reliably validate that a downloaded file is a genuine AppImage; specifically, it can accept a crafted mp3 file that contains an AppI...
CVE-2020-25266
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...
CVE-2020-25265
The CVE-2020-25265 entry concerns AppImage libappimage prior to 1.0.3. It describes a bug where an attacker can cause an overwrite of a system-installed .desktop file by supplying a crafted .desktop file that contains Name= with path components. The impact is described as enabling file overwrite,...
CVE-2020-25265
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components...