29 matches found
openSUSE 16 Security Update : xdg-dbus-proxy (openSUSE-SU-2026:20934-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20934-1 advisory. This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...
OPENSUSE-SU-2026:20934-1 Security update for xdg-dbus-proxy
This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...
MGASA-2026-0178 Updated xdg-dbus-proxy packages fix security vulnerability
A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases...
Updated xdg-dbus-proxy packages fix security vulnerability
A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases...
OESA-2026-2286 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
OESA-2026-2212 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
SUSE CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
A flaw was found in xdg-dbus-proxy, a filtering proxy for D-Bus connections. A local client can exploit a policy parser vulnerability by crafting specific policy rules, such as including a space before the equals sign in "eavesdrop=true". This improper parsing allows the client to bypass intended...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
DEBIAN-CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
UBUNTU-CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allowed bypassing eavesdrop restrictions because the parser mishandles patterns like eavesdrop ='true' (space before =). As a result, clients could intercept D-Bus messages they should not hav...
Linux Distros Unpatched Vulnerability : CVE-2026-34080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy chec...
Prototype Pollution
content-security-policy-parser is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the proto property in policy names, which allows an attacker to override the Object prototype and potentially execute arbitrary actions through prototype pollution...
@0xbigboss/vite-plugin-web-extension (>=5.2.0 <=5.4.0), @58860ed6ffd9e897/gold-finger-extension (=1.0.2) +54 more potentially affected by CVE-2025-55164 via content-security-policy-parser (>=0.1.1 <=0.5.0)
content-security-policy-parser NPM version =0.1.1, =5.2.0, =2.13.1, =2.12.1-canary.3354, =2.12.1-canary.3354, =2.12.5, =0.84.3, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-4529dd0, =0.0.0-experimental-2cd2b9e, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-2cc8de3,...
@0xbigboss/vite-plugin-web-extension (>=5.2.0 <=5.4.0), @58860ed6ffd9e897/gold-finger-extension (=1.0.2) +54 more potentially affected by CVE-2025-55164 via content-security-policy-parser (>=0.1.1 <=0.4.1)
content-security-policy-parser NPM version =0.1.1, =5.2.0, =2.13.1, =2.12.1-canary.3354, =2.12.1-canary.3354, =2.12.5, =0.84.3, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-4529dd0, =0.0.0-experimental-2cd2b9e, =0.0.0-experimental-2cc8de3, =0.0.0-experimental-2cc8de3,...
Prototype Pollution
Overview content-security-policy-parser is a Parse Content Security Policy directives. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the Object prototype by supplying a crafted policy name in HTTP queries, potentially...
CVE-2025-55164 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called proto, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves...