ROS-20220304-01

Vulnerability in snapd's snap packet management daemon, related to insufficient validation of interface snapd content and layout paths. Exploitation of the vulnerability could allow an attacker to enforce arbitrary AppArmor policy rules through a corrupted content interface and layout declaration...

Chromium: CVE-2022-0795 Type Confusion in Blink Layout

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google launches Chrome 99, fixes 28 vulnerabilities

The Chrome team announced the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux on March 1, 2022. This will roll out over the coming days/weeks. In the desktop version, a total of 28 vulnerabilities were closed. Of these, 11 were classified as high, 15 as medium and two as...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux.This will roll out over the coming days/weeks. Chrome 99.0.4844.51 for Windows,Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the lo...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layou...

Access Restriction Bypass

Overview github.com/snapcore/snapd/interfaces/builtin is a tool enabling systems to work with .snap files Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layou...

CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

DEBIAN-CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

Design/Logic Flaw

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

CVE-2021-4120

CVE-2021-4120 affects snapd 2.54.2, where insufficient validation of snap content interface and layout paths allows a snap to inject arbitrary AppArmor policy rules and escape strict snap confinement. The underlying issue is in the content interface and layout declarations, enabling bypass of con...

CVE-2021-4120 snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

UBUNTU-CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...

CVE-2022-23191

Adobe Illustrator versions 25.4.3 and earlier and 26.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

WordPress CMP plugin authorization issue vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress CMP plugin version 4.0.19 prior to the authorization problem vulnerability, the vulnerability stems from the...

CVE-2022-0188

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout...

CVE-2022-0188

CVE-2022-0188 affects the CMP WordPress plugin, specifically versions before 4.0.19. The vulnerability is an unauthenticated access control flaw that lets any user, including unauthenticated visitors, arbitrarily change the coming soon page layout (CSS/HTML) due to insufficient access control. Th...

GHSA-FR76-2WP8-FP92 Insecure template handling in Express-handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...