62 matches found
Malicious code in matic-snaps (npm)
The package matic-snaps was found to contain malicious code...
MAL-2025-26012 Malicious code in matic-snaps (npm)
The package matic-snaps was found to contain malicious code...
CVE-2024-6107
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps...
CVE-2025-49709
Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4...
UBUNTU-CVE-2022-49770
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...
CVE-2022-49770 ceph: avoid putting the realm twice when decoding snaps fails
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...
CVE-2022-49770 ceph: avoid putting the realm twice when decoding snaps fails
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...
CVE-2025-27425
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...
CVE-2025-1014
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
MetaMask: Missing Line Terminator on allowedOrigins enables origin spoofing
The vulnerability identified by @pkkr was related to the Snaps allowedOrigins functionality, which allows Snap developers to control which origins can interact with certain Snap APIs. Due to a missing regex terminator, the origin control could be bypassed, enabling a malicious domain to access...
GSD-2022-1007874 ceph: avoid putting the realm twice when decoding snaps fails
ceph: avoid putting the realm twice when decoding snaps fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.81 by commit...
GHSA-G63H-Q855-VP3Q Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...
GHSA-6C7M-QWXJ-MVHP Broken encryption in EdgeX Foundry
Summary Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. Detailed Description The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in th...
USN-4728-1 snapd vulnerability
Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a...
PT-2021-11381 · Canonical +1 · Snapd +2
Name of the Vulnerable Software and Affected Versions: snapd affected versions not specified Description: The issue arises when generating systemd service units for the docker snap and similar snaps, as snapd fails to specify Delegate=yes. As a result, systemd moves processes from containers...
Ubuntu 16.04 LTS / 18.04 LTS : Snapcraft vulnerability (USN-4661-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4661-1 advisory. It was discovered that Snapcraft includes the current directory when configuring LDLIBRARYPATH for application commands. If a user were tricked into...
USN-4661-1 snapcraft vulnerability
It was discovered that Snapcraft includes the current directory when configuring LDLIBRARYPATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...
CVE-2019-4259
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011...