4 matches found
CVE-2026-54229 Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...
Exposure of Resource to Wrong Sphere
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open function. An attacker can gain access to or manipulate the browsin...
CVE-2025-1037
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...
xwiki-platform 代码注入漏洞
Thomas Mortagne xwiki-platform is an open source application by Thomas Mortagne. A general-purpose Wiki platform that provides runtime services for applications built on it. A code injection vulnerability exists in xwiki-platform, which stems from the fact that a user without programming privileg...