CVE-2021-3626

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation...

CVE-2021-3626 Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation...

PT-2021-21192 · Canonical · Multipass

Name of the Vulnerable Software and Affected Versions: Multipass versions prior to 1.7.0 Description: The issue allows any local process to connect to the localhost TCP control socket, enabling mounts from the operating system to a guest. This can lead to privilege escalation. Recommendations: Fo...

DEBIAN-CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

UBUNTU-CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

Open redirect

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

UBUNTU-CVE-2021-25737

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look to the latest bugs or search...

Open Redirection

kunerbetes is vulnerable to open redirection. An authorized user is able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...

Understanding Network Access in Windows AppContainers

Posted by James Forshaw, Project Zero Recently I've been delving into the inner workings of the Windows Firewall. This is interesting to me as it's used to enforce various restrictions such as whether AppContainer sandboxed applications can access the network. Being able to bypass network...

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

✍️ Description following endpoint vulnerable to CSRF: /omeka/upload/1/unpublish Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. 🕵️‍♂️ Proof of Concept // PoC.html...

kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where an authorized user may be able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...

Server-Side Request Forgery (SSRF) in gogs/gogs

✍️ Description In 2018, this issue was created to address a SSRF vulnerability in gogs wherein an attacker could have gogs send requests to network-internal hosts - a patch for this was released see diff and no queries about the SSRF issue seem to have been raised again since from what I can tell...

OPENSUSE-SU-2021:2136-1 Security update for cryptctl

This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage bsc1186226 - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organizati...

openSUSE: Security Advisory for cryptctl (openSUSE-SU-2021:0907-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2021:2137-1 Security update for cryptctl

This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage bsc1186226 - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organizati...

Polkit 0.105-26 0.117-2 Privilege Escalation

Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment IDE. The vulnerable extensions could be exploited to run arbitrary code on ...