Count: 21
ID | Title / description | CVSS | EPSS | Published
---|---|---|---|---
ELSA-2025-7592 | ELSA-2025-7592: yggdrasil security update (IMPORTANT) | | | about 1 month ago
CVE-2025-3931 | A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. | CVSS3: 7.8 | 0% (Low) | 3 months ago
CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% (Low) | 6 months ago
CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 5.9 | 0% (Low) | 7 months ago
GHSA-rpg2-jvhp-h354 | Yggdrasil Vulnerable to Local Privilege Escalation | CVSS3: 7.8 | 0% (Low) | 3 months ago
GHSA-7wrw-r4p8-38rx | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% (Low) | 6 months ago
BDU:2025-02667 | Vulnerability in the Golang programming language related to insufficient protection of service data, allowing an attacker to gain unauthorized access to credentials | CVSS3: 6.1 | 0% (Low) | 6 months ago
SUSE-SU-2025:0281-1 | Security update for go1.22 | | | 6 months ago
SUSE-SU-2025:0280-1 | Security update for go1.23 | | | 6 months ago
ROS-20250212-16 | Multiple vulnerabilities in golang | CVSS3: 6.1 | | 6 months ago
ELSA-2025-3772 | ELSA-2025-3772: go-toolset:ol8 security update (MODERATE) | | | 4 months ago
SUSE-SU-2025:1555-1 | Security update for go1.22-openssl | | | 3 months ago
ELSA-2025-7466 | ELSA-2025-7466: delve and golang security update (MODERATE) | | | about 1 month ago
SUSE-SU-2025:0285-1 | Security update for go1.24 | | | 6 months ago
SUSE-SU-2025:01731-1 | Security update for go1.23-openssl | | | 2 months ago
SUSE-SU-2025:0429-1 | Security update for govulncheck-vulndb | | | 6 months ago