Lucene search
K

2002 matches found

Github Security Blog
Github Security Blog
added 2026/05/28 7:55 p.m.13 views

nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

6AI score0.00012EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44549

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

6.1CVSS6AI score0.00012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.25 views

PT-2026-44372

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A time-to-check-time-of-use TOCTOU issue in the polkit authentication of qSnapper allows a local attacker to bypass the authentication mechanism. This can enable the attacker to perform operations...

8.1CVSS5.9AI score0.00136EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2026/05/27 5:43 p.m.17 views

USN-8326-1: Foomuuri vulnerabilities

Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly use this issue to manipulate the firewall configuration, contrary to expectations. CVE-2025-67603 Matthias Gerstner discovered that Foomuuri's D-Bus...

7CVSS5.8AI score0.00171EPSS
Exploits0
OSV
OSV
added 2026/05/26 6:25 p.m.10 views

USN-8167-2 xdg-dbus-proxy vulnerability

USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/26 6:25 p.m.18 views

USN-8167-2: xdg-dbus-proxy vulnerability

USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...

6.8CVSS5.8AI score0.00175EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

PCManFM-Qt 安全漏洞

PCManFM-Qt is an open-source file manager based on Qt, developed by LXQt. Versions of PCManFM-Qt 1.1.0 and later contain security vulnerabilities. These vulnerabilities arise when regular file paths are passed as URIs to the org.freedesktop.FileManager1.ShowFolders D-Bus method call. In such case...

9.3CVSS5.8AI score0.00181EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AFUNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...

8.8CVSS6.7AI score0.00406EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/20 2:20 a.m.121 views

Exploit for CVE-2026-46333

ptracemaydream CVE-2026-46333 Local privilege escalation e...

5.5CVSS5.8AI score0.0138EPSS
Exploits6
OSV
OSV
added 2026/05/15 1:59 p.m.10 views

OESA-2026-2287 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 1:59 p.m.8 views

OESA-2026-2286 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:30 p.m.11 views

OESA-2026-2214 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:30 p.m.9 views

OESA-2026-2213 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:30 p.m.11 views

OESA-2026-2212 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/30 1:30 a.m.6 views

[SECURITY] Fedora 42 Update: xdg-dbus-proxy-0.1.7-1.fc42

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts...

6.8CVSS5.2AI score0.00175EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.7 views

Fedora 42 : xdg-dbus-proxy (2026-adc66b374a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-adc66b374a advisory. Update the package, including fix for CVE-2026-34080. See also: upstream security advisory Tenable has extracted the preceding description block directly fro...

6.8CVSS5.4AI score0.00175EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/28 1:0 a.m.8 views

[SECURITY] Fedora 43 Update: PackageKit-1.3.4-3.fc43

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.13 views

RHEL 10 : yggdrasil (RHSA-2026:11375)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11375 advisory. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child worker...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References4
OSV
OSV
added 2026/04/26 12:0 a.m.8 views

OPENSUSE-SU-2026:10625-1 xdg-dbus-proxy-0.1.7-1.1 on GA media

These are all security issues fixed in the xdg-dbus-proxy-0.1.7-1.1 package on the GA media of openSUSE Tumbleweed...

6.8CVSS5.3AI score0.00175EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/25 1:57 a.m.9 views

[SECURITY] Fedora 44 Update: xdg-dbus-proxy-0.1.7-1.fc44

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts...

6.8CVSS5.2AI score0.00175EPSS
Exploits0
Rows per page
Query Builder