OESA-2026-2286 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
OESA-2026-2212 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
SUSE CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
A flaw was found in xdg-dbus-proxy, a filtering proxy for D-Bus connections. A local client can exploit a policy parser vulnerability by crafting specific policy rules, such as including a space before the equals sign in "eavesdrop=true". This improper parsing allows the client to bypass intended...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
DEBIAN-CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
UBUNTU-CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allowed bypassing eavesdrop restrictions because the parser mishandles patterns like eavesdrop ='true' (space before =). As a result, clients could intercept D-Bus messages they should not hav...
Linux Distros Unpatched Vulnerability : CVE-2026-34080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy chec...
Prototype Pollution
content-security-policy-parser is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the __proto__ property in policy names, which allows an attacker to override the Object prototype and potentially execute arbitrary actions through prototype pollution...
@0xbigboss/vite-plugin-web-extension (>=5.2.0 <=5.4.0), @58860ed6ffd9e897/gold-finger-extension (=1.0.2) +54 more potentially affected by CVE-2025-55164 via content-security-policy-parser (>=0.1.1 <=0.5.0)
content-security-policy-parser NPM version =0.1.1, =5.2.0, =2.13.1, =2.12.1-canary.3354, =2.12.1-canary.3354, =2.12.5, =0.84.3, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-4529dd0, =0.0.0-experimental-2cd2b9e, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-2cc8de3,...
@0xbigboss/vite-plugin-web-extension (>=5.2.0 <=5.4.0), @58860ed6ffd9e897/gold-finger-extension (=1.0.2) +54 more potentially affected by CVE-2025-55164 via content-security-policy-parser (>=0.1.1 <=0.4.1)
content-security-policy-parser NPM version =0.1.1, =5.2.0, =2.13.1, =2.12.1-canary.3354, =2.12.1-canary.3354, =2.12.5, =0.84.3, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-4529dd0, =0.0.0-experimental-2cd2b9e, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-2cc8de3,...
Prototype Pollution
Overview: content-security-policy-parser is a package that parses Content Security Policy directives. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the Object prototype by supplying a crafted policy name in HTTP queries, potentially...
CVE-2025-55164 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves...
CVE-2025-55164
The vulnerability CVE-2025-55164 affects the content-security-policy-parser library. A prototype pollution flaw exists in versions ≤0.5.0 when a policy name of __proto__ is provided, enabling override of Object.prototype. A fix is available in version 0.6.0 and later; remediation is to upgrade to 0.6...
PT-2025-32688 · Unknown +1 · Content-Security-Policy-Parser +1
Name of the Vulnerable Software and Affected Versions: content-security-policy-parser versions 0.5.0 and earlier Description: The content-security-policy-parser software parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, where...
CVE-2025-49830
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand th...