Количество 24
Количество 24
RLSA-2025:7592
Important: yggdrasil security update
ELSA-2025-7592
ELSA-2025-7592: yggdrasil security update (IMPORTANT)
CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45336
Sensitive headers incorrectly sent after cross-domain redirect in net/http
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain ...
GHSA-rpg2-jvhp-h354
Yggdrasil Vulnerable to Local Privilege Escalation
GHSA-7wrw-r4p8-38rx
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
BDU:2025-02667
Уязвимость языка программирования Golang, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к учетным данным
SUSE-SU-2025:0281-1
Security update for go1.22
SUSE-SU-2025:0280-1
Security update for go1.23
ROS-20250212-16
Множественные уязвимости golang
ELSA-2025-3772
ELSA-2025-3772: go-toolset:ol8 security update (MODERATE)
SUSE-SU-2025:1555-1
Security update for go1.22-openssl
RLSA-2025:7466
Moderate: delve and golang security update
ELSA-2025-7466
ELSA-2025-7466: delve and golang security update (MODERATE)
SUSE-SU-2025:0285-1
Security update for go1.24
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2025:7592 Important: yggdrasil security update | около 1 месяца назад | ||
| ELSA-2025-7592 ELSA-2025-7592: yggdrasil security update (IMPORTANT) | 4 месяца назад | ||
 | CVE-2025-3931 A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. | CVSS3: 7.8 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-3931 A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. | CVSS3: 7.8 | 0% Низкий | 6 месяцев назад |
 | CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
| CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 5.9 | 0% Низкий | 10 месяцев назад |
| CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
| CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain ... | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
| GHSA-rpg2-jvhp-h354 Yggdrasil Vulnerable to Local Privilege Escalation | CVSS3: 7.8 | 0% Низкий | 6 месяцев назад |
| GHSA-7wrw-r4p8-38rx The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | BDU:2025-02667 Уязвимость языка программирования Golang, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к учетным данным | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
 | SUSE-SU-2025:0281-1 Security update for go1.22 | 9 месяцев назад | ||
| SUSE-SU-2025:0280-1 Security update for go1.23 | 9 месяцев назад | ||
 | ROS-20250212-16 Множественные уязвимости golang | CVSS3: 6.1 | 9 месяцев назад | |
| ELSA-2025-3772 ELSA-2025-3772: go-toolset:ol8 security update (MODERATE) | 7 месяцев назад | ||
| SUSE-SU-2025:1555-1 Security update for go1.22-openssl | 6 месяцев назад | ||
| RLSA-2025:7466 Moderate: delve and golang security update | около 1 месяца назад | ||
| ELSA-2025-7466 ELSA-2025-7466: delve and golang security update (MODERATE) | 4 месяца назад | ||
| SUSE-SU-2025:0285-1 Security update for go1.24 | 9 месяцев назад |
Уязвимостей на страницу