17 matches found
Astra Linux - vulnerability in flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AF_UNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a code vulnerability. It stemmed from the isSSRFSafeURL function, whose check could be bypassed using IPv4-mapped IPv6 addresses. This could lead to...
CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0
imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
OESA-2024-1466 docker security update
Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking...
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2023:0351-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
flatpak: Sandbox bypass via recent VFS-manipulating syscalls
A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the...
Security update for virtualbox (important)
openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:1403-1 Rating: important References: 1191104 1191526 1191869 Cross-References: CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 CVSS scores: CVE-2021-2475 NVD : 4.4...
Siemens Teamcenter Active Workspace Path Traversal Vulnerability
Siemens Teamcenter Active Workspace is a web application for accessing the Teamcenter system, providing the same and seamless experience on any computer or smart device. A path traversal vulnerability exists in Siemens Teamcenter Active Workspace. An attacker could exploit the vulnerability to...
CVE-2021-40357
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the...
Siemens Teamcenter Active Workspace Path Traversal Vulnerability
Siemens Teamcenter Active Workspace is a web application for accessing the Teamcenter system, providing the same and seamless experience on any computer or smart device. A path traversal vulnerability exists in Siemens Teamcenter Active Workspace. An attacker could exploit the vulnerability to...
CVE-2018-6082
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...
Hardcoded credentials
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...
CVE-2018-6082
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...
CVE-2018-6082
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...
Gitmails - An Information Gathering Tool To Collect Git Commit Emails In Version Control Host Services
An information gathering tool to collect git commit emails in version control host services. Overview: Gitmails explores the fact that git commits contain a name and an email configured by the author and that version control host services are being used to store a lot of projects. What Gitmails does is:...
Symantec Endpoint Encryption Denial of Service Vulnerability (CNVD-2017-36539)
Symantec Endpoint Encryption (SEE) is a suite of software from Symantec Corporation that provides advanced encryption and management capabilities for desktops, laptops, and removable storage devices. A security vulnerability exists in Symantec Endpoint Encryption in versions prior to SEE 11.1.3MP1...
Symantec pcAnywhere Host Services Login Remote Code Execution (CVE-2011-3478)
A buffer overflow vulnerability has been reported in Symantec pcAnywhere Host Services...