7815 matches found
flatpak: sandbox escape via spawn portal
A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the flatpak run command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0209-1 Rating: important References: 1181414 Cross-References: CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 Affected Products: openSUSE Leap 15.2 An upda...
CentOS 8 : virt:rhel (CESA-2019:3345)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3345 advisory. - QEMU: qxl: null pointer dereference while releasing spice resources CVE-2019-12155 - ntfs-3g: heap-based buffer overflow leads to local root privileg...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Denial Of Service (DoS)
firefox is vulnerable to Denial Of Service. Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash...
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...
[ASA-202101-40] flatpak: sandbox escape
Arch Linux Security Advisory ASA-202101-40 ========================================== Severity: High Date : 2021-01-20 CVE-ID : CVE-2021-21261 Package : flatpak Type : sandbox escape Remote : No Link : https://security.archlinux.org/AVG-1454 Summary ======= The package flatpak before version...
EulerOS 2.0 SP3 : perl (EulerOS-SA-2021-1107)
According to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in...
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...
RHEL 7 / 8 : OpenShift Container Platform 4.6.12 (RHSA-2021:0038)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0038 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Debian DSA-4830-1 : flatpak - security update
Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. The Flatpak portal D-Bus service flatpak-portal, also known by its D-Bus service name org.freedesktop.portal.Flatpak allows apps in a...
DEBIAN-CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. This sandbox-escape bug is present in versio...
CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. This sandbox-escape bug is present in versio...
WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability found by Swapnil Subhash Bodekar in WordPress Custom Global Variables plugin versions = 1.0.5. Solution Update the Custom Global Variables plugin to the latest available version at least 1.1.1...