USN-7046-1: Flatpak and Bubblewrap vulnerability

It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix...

Improper Access Control

github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to improper cleanup of roleBindings associated with a user or group when they are removed from a project, allowing former members to continue creating, updating, reading, and deleting namespaces in that...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1252)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

Microsoft Windows NT <= 4.0 SP4 Known DLL Cache Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/234/info The names and mappings of kernel objects in NT are cached in the object namespace. In this area, DLL mappings are kept in a section called KnownDlls. By manipulating the namespace, it is possible to redirect call...

phpMyAdmin 3.x Conditional Session Manipulation

No description provided by source. Application: phpMyAdmin 3.x Patched ver: 3.3.10.3 and 3.4.3.2 Severity: Low Exploitable: Remote PMASA ID: PMASA-2011-12 Description If the Swekey extention is activated a remote attacker can manipulate the variables in the the global namespace. Fix Upgrade to...