10 matches found
CVE-2026-10037
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...
CVE-2026-10037
CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...
SUSE CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
UBUNTU-CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601
CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
GHSA-V222-6MR4-QJ29 Command Injection vulnerability in asciidoctor-include-ext
Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...
openSUSE Security Update : flatpak / libostree / xdg-desktop-portal / etc (openSUSE-2021-520)
This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...
Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (important)
openSUSE Security Update: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk Announcement ID: openSUSE-SU-2021:0520-1 Rating: important References: 1133120 1133124 1175899 1180996 Cross-References: CVE-2021-21261 CVSS scores: CVE-2021-21261 NVD : 8.8...
SUSE SLED15 / SLES15 Security Update : flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (SUSE-SU-2021:1094-1)
This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 Enable LTO. bsc1133120 This update contains scalability improvements and bugfixes. Caching-related HTTP headers are now supported on summaries and...