Lucene search
K

550 matches found

EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added last week5 views

CVE-2026-10037 Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
CVE
CVE
added last week24 views

CVE-2026-10037

CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added last week41 views

CVE-2026-10037 Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.15 views

PT-2026-56604

Name of the Vulnerable Software and Affected Versions OpenJDK packages provided in Ubuntu affected versions not specified Description A sandbox escape issue exists where .jar MIME handlers execute files marked as executable if the mailcap package is installed. A malicious sandboxed application wi...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References11
Fedora
Fedora
added 2026/07/06 2:55 p.m.18 views

[SECURITY] Fedora 44 Update: rust-ashpd-0.13.12-2.fc44

XDG portals wrapper in Rust using zbus...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/03 7:24 p.m.2 views

SUSE-SU-2026:2755-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.9AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 12:1 p.m.3 views

SUSE-SU-2026:2712-1 Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issue: - CVE-2026-40354: File deletion via symlink attack bsc1262045...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 2:1 p.m.14 views

Symlink Attack

Overview chrome-devtools-mcp is a MCP server for Chrome DevTools Affected versions of this package are vulnerable to Symlink Attack in the fs.writeFileSync process when writing the PID file to a runtime directory under /tmp if $XDGRUNTIMEDIR is unset. An attacker can overwrite or truncate arbitra...

6.9CVSS6AI score0.00077EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

openSUSE 16 Security Update : xdg-dbus-proxy (openSUSE-SU-2026:20934-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20934-1 advisory. This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.4AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 2:52 p.m.6 views

SUSE-SU-2026:22096-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.3AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 2:52 p.m.8 views

OPENSUSE-SU-2026:20934-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.4AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/06/07 5:10 a.m.13 views

MGASA-2026-0178 Updated xdg-dbus-proxy packages fix security vulnerability

A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases...

6.8CVSS5.4AI score0.00175EPSS
Exploits0References4
Mageia
Mageia
added 2026/06/07 5:10 a.m.15 views

Updated xdg-dbus-proxy packages fix security vulnerability

A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases...

6.8CVSS5.5AI score0.00175EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/05/28 4:4 p.m.13 views

Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issue: CVE-2026-40354: File deletion via symlink attack bsc1262045. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 4:3 p.m.5 views

SUSE-SU-2026:2105-1 Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issue: - CVE-2026-40354: File deletion via symlink attack bsc1262045...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/05/26 6:25 p.m.21 views

USN-8167-2: xdg-dbus-proxy vulnerability

USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...

6.8CVSS5.8AI score0.00175EPSS
Exploits0
OSV
OSV
added 2026/05/26 6:25 p.m.11 views

USN-8167-2 xdg-dbus-proxy vulnerability

USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...

6.8CVSS5.8AI score0.00175EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Ubuntu 24.04 LTS / 25.10 : XDG Desktop Portal vulnerability (USN-8287-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8287-1 advisory. It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on...

6.3CVSS6AI score0.00128EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/20 6:2 p.m.14 views

USN-8287-1: XDG Desktop Portal vulnerability

It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on the host file system via a symlink attack...

6.3CVSS5.9AI score0.00128EPSS
Exploits0
Rows per page
Query Builder