7647 matches found

Packet Storm
added 2024/09/06 12:0 a.m. | 278 views

C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting

Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...

CVSS 5.4 | AI score 7.1 | EPSS 0.00773
Exploits: 2

RedHat Linux
added 2024/09/05 1:9 p.m. | 3 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/05 1:7 p.m. | 2 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/05 12:50 p.m. | 0 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/05 11:45 a.m. | 20 views

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 1

RedHat Linux
added 2024/09/05 11:45 a.m. | 2 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/05 11:43 a.m. | 3 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/05 11:41 a.m. | 1 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

Tenable Nessus
added 2024/09/05 12:0 a.m. | 33 views

RHEL 9 : bubblewrap and flatpak (RHSA-2024:6355)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6355 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

CVSS 10 | AI score 8.2 | EPSS 0.01283
Exploits: 1 | References: 3

AlmaLinux
added 2024/09/05 12:0 a.m. | 37 views

Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

CVSS 10 | AI score 7.4 | EPSS 0.01283
Exploits: 1 | References: 4

RedHat Linux
added 2024/09/04 7:12 p.m. | 33 views

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 1

RedHat Linux
added 2024/09/04 7:12 p.m. | 1 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/04 6:39 p.m. | 1 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

RedHat Linux
added 2024/09/04 6:22 p.m. | 3 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.01283
Exploits: 1 | References: 13

OSV
added 2024/09/04 6:15 p.m. | 2 views

CVE-2024-45177

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting XSS attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site...

CVSS 5.4 | AI score 5.7 | EPSS 0.00773
Exploits: 2 | References: 3

OSSF Malicious Packages
added 2024/09/04 9:8 a.m. | 2 views

Malicious code in fworit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ed926bf3a44788ba5620ba3ef2a3d4bb1bf64dd35797dbfafd5e7c9c991a4f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/09/04 9:8 a.m. | 3 views

Malicious code in uworut (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94a75c1d9dba41b228d5979bb4c983eee613e504985724579e7b775e47227cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

CVE
added 2024/09/04 12:0 a.m. | 50 views

CVE-2024-45177

za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01 are vulnerable to persistent cross-site scripting via the web interface due to inadequate input validation. The PT Security advisory notes this can allow remote script injection. Remediation: apply the patch for 5.2401 and 6.00PL01; up...

CVSS 5.4 | AI score 6 | EPSS 0.00773
Exploits: 2 | References: 3 | Affected Software: 1

OSV
added 2024/09/04 12:0 a.m. | 20 views

ALSA-2024:6356 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

CVSS 10 | AI score 8.8 | EPSS 0.01283
Exploits: 1 | References: 4

OSSF Malicious Packages
added 2024/09/02 1:42 a.m. | 3 views

Malicious code in @diotoborg/aperiam-iste (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8b1e84bd8de9f5a3048435ab58b5bb57df28c17c5ecff7a2ac6de63784c3067 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1