Lucene search
K

10 matches found

NVD
NVD
added yesterday6 views

CVE-2026-10037

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-10037

CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...

8.8CVSS6.3AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.5 views

SUSE CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 10:16 a.m.3 views

UBUNTU-CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 9:20 a.m.21 views

CVE-2026-13601

CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:20 a.m.7 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6
OSV
OSV
added 2022/03/31 11:27 p.m.20 views

GHSA-V222-6MR4-QJ29 Command Injection vulnerability in asciidoctor-include-ext

Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...

10CVSS9.6AI score0.02719EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2021/04/09 12:0 a.m.66 views

openSUSE Security Update : flatpak / libostree / xdg-desktop-portal / etc (openSUSE-2021-520)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...

8.8CVSS8.1AI score0.0057EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/09 12:0 a.m.38 views

Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (important)

openSUSE Security Update: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk Announcement ID: openSUSE-SU-2021:0520-1 Rating: important References: 1133120 1133124 1175899 1180996 Cross-References: CVE-2021-21261 CVSS scores: CVE-2021-21261 NVD : 8.8...

7.3CVSS7.3AI score0.0057EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/04/08 12:0 a.m.36 views

SUSE SLED15 / SLES15 Security Update : flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (SUSE-SU-2021:1094-1)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 Enable LTO. bsc1133120 This update contains scalability improvements and bugfixes. Caching-related HTTP headers are now supported on summaries and...

8.8CVSS8.1AI score0.0057EPSS
Exploits0References8
Rows per page
Query Builder