1769 matches found
Open redirect
Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0, Elvish's web UI backend (started by elvish -web) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...
UBUNTU-CVE-2021-41088
Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0, Elvish's web UI backend (started by elvish -web) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...
UBUNTU-CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...
Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look at the latest bugs or search...
Open Redirection
Kubernetes is vulnerable to open redirection. An authorized user is able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...
Understanding Network Access in Windows AppContainers
Posted by James Forshaw, Project Zero. Recently I've been delving into the inner workings of the Windows Firewall. This is interesting to me as it's used to enforce various restrictions such as whether AppContainer sandboxed applications can access the network. Being able to bypass network...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description The following endpoint is vulnerable to CSRF: /omeka/upload/1/unpublish Also, it makes no difference whether you run the application on localhost or on a real host; it is enough to log in with a browser that is also used for online web surfing. 🕵️‍♂️ Proof of Concept // PoC.html...
kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where an authorized user may be able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...
Server-Side Request Forgery (SSRF) in gogs/gogs
✍️ Description In 2018, this issue was created to address an SSRF vulnerability in gogs wherein an attacker could have gogs send requests to network-internal hosts - a patch for this was released (see diff) and no queries about the SSRF issue seem to have been raised again since, from what I can tell...
OPENSUSE-SU-2021:2136-1 Security update for cryptctl
This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage bsc1186226 - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organizati...
openSUSE: Security Advisory for cryptctl (openSUSE-SU-2021:0907-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2021:2137-1 Security update for cryptctl
This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage bsc1186226 - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organizati...
Polkit 0.105-26 0.117-2 Privilege Escalation
Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...
Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on ...
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery Vulnerability
NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address. NiceHash Miner Excavator API Cross-Site...
GHSA-GRH6-Q6M2-RH72 Podman Origin Validation Error
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1, including from remote hosts. This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. This issue affects Podman versions from 1.8.0...
podman: Remote traffic to rootless containers is seen as originating from localhost
A flaw was found in podman. Rootless containers receive all traffic with a source IP address of 127.0.0.1, including from remote hosts, which impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. The highest threat from this...
CVE-2020-7858
There is a directory traversal vulnerability in the download page URL of AquaNPlayer 2.0.0.92. The IP of the download page URL is localhost, and an attacker can traverse directories using "dot dot" sequences (../../) to view host file on the system. This vulnerability can cause information leakage...