325 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a memory leak in the drm/lima module...
PyLoad 0.5.0 Remote Code Execution
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
File System Sandbox Breakout
github.com/lima-vm/lima is vulnerable to a File System Sandbox Breakout. The vulnerability exists due to differential disk images used as the base image, which allows an attacker to aread files off the host machine...
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Note The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...
GHSA-F7QW-JJ9C-RPQ9 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Note The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
Path traversal
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
CVE-2023-32684 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
CVE-2023-32684
Lima (Linux VMs on macOS) prior to v0.16.0 allowed a malicious disk image to read a single host file via a qcow2/vmdk backing file path embedded in the image. It relies on the backing file path string from the instance directory, but Lima does not run as root, limiting full-disk access. The issue...
CVE-2023-32684 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
CVE-2023-32684 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
PT-2023-23959 · Lima · Lima
Name of the Vulnerable Software and Affected Versions: Lima versions prior to 0.16.0 Description: A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The attacker has to embed the target file pat...
Lima 安全漏洞
github lima is a software application. Linux virtual machine, on macOS aka "Linux-on-Mac", "macOS subsystem for Linux", "Mac containerd", unofficial. Mac containerd", unofficially A security vulnerability exists in versions prior to Lima 0.16.0 that stems from a virtual machine instance with a...
camarasantarosadelima.sc.gov.br Cross Site Scripting vulnerability OBB-3293760
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
skymater133.lima-city.de Cross Site Scripting vulnerability OBB-2120220
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
lima-airport.com XSS vulnerability
Open Bug Bounty ID: OBB-711458 Description| Value ---|--- Affected Website:| lima-airport.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...
benziger.lima-city.de XSS vulnerability
Open Bug Bounty ID: OBB-697787 Description| Value ---|--- Affected Website:| benziger.lima-city.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...
lima-airport.com XSS vulnerability
Open Bug Bounty ID: OBB-620626 Description| Value ---|--- Affected Website:| lima-airport.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Community Server - Stored Cross-Site Scripting in User's Signature
Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed by Telligent. It uses ASP.NET platform C and Microsoft SQL Server database. From it's 5.0 version, the software was renamed to...
Telligent Community Server 5.x Cross Site Scripting
Editor's note: 4 Advisories are grouped together here. ======================================================================= Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed b...