16 matches found
EUVD-2021-13475
Malware in sbrugna...
flatpak: sandbox escape via RequestBackground portal
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the "--command" argument of "flatpak run" expects to be given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to...
Arbitrary Code Execution
Flatpak is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of the --command argument to the portal interface org.freedesktop.portal.Background.RequestBackground from within a Flatpak app, which allows malicious or compromised Flatpak apps to pass bwrap...
DEBIAN-CVE-2024-32462
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run...
CVE-2024-32462
CVE-2024-32462 affects Flatpak releases prior to 1.15.8, 1.10.9, 1.12.9, and 1.14.6. The issue arises when a Flatpak app passes arbitrary bwrap arguments (e.g., --bind) to the --command used by flatpak run, which can be constructed from a portal call (org.freedesktop.portal.Background.RequestBackgr...
CVE-2024-32462 Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run...
CVE-2024-32462 Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run...
Fortinet FortiNAC cross-site scripting vulnerability
Fortinet FortiNAC is a zero-trust access solution from Fortinet. A security vulnerability exists in Fortinet FortiNAC portal UI versions prior to 9.4.1, which stems from improper neutralization of user input. An attacker could exploit this vulnerability to conduct a cross-site scripting attack...
Malicious code in public-portal-ui (npm)
Source: ghsa-malware 8346ab3983e1f424b89fcf805f9d9493c1bc54b8dbb262eab74ed75a028760a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-31355
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a...
OpenEMR security vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An access control error vulnerability exists in OpenEMR version 5.0.2.1, which ste...
Cross site scripting
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting XSS atta...
Cisco Secure ACS Portal Interface Session Hijacking
The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Portal Interface. Due to insufficient session management, this could allow a remote, authenticated attacker to perform actions in the portal with the privileges of another user. C Tenabl...
Cisco Secure ACS Portal Session Management Vulnerability
A vulnerability in the portal interface of Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access the portal with the access capabilities of another user. The vulnerability is due to insufficient session management in the portal. An attacker could exploit...
Input validation
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or...
CVE-2007-0011
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or...