Lucene search
+L

252 matches found

OSV
OSV
added 2017/03/29 8:59 p.m.5 views

DEBIAN-CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...

10CVSS7AI score0.03169EPSS
Exploits1References1
CVE
CVE
added 2017/03/29 12:0 a.m.152 views

CVE-2017-5226

CVE-2017-5226 is described across connected docs as a bubblewrap sandbox escape via TIOCSTI: a nonprivileged session could push characters into the terminal input buffer to escape the sandbox. Related entries (e.g., CVE-2020-13753) note this as part of a family using TIOCSTI and CLONE_NEWUSER, hi...

10CVSS7.6AI score0.03169EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2017/02/13 6:59 p.m.9 views

Code injection

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

6.9CVSS7.3AI score0.00399EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2017/02/13 6:59 p.m.16 views

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7CVSS7AI score0.00399EPSS
Exploits0References4
OSV
OSV
added 2017/02/13 6:59 p.m.5 views

DEBIAN-CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7CVSS7AI score0.00399EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/02/13 6:59 p.m.26 views

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7CVSS7AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2017/02/13 6:59 p.m.10 views

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7CVSS7.1AI score
Exploits0References4
Cvelist
Cvelist
added 2017/02/13 6:0 p.m.21 views

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7AI score0.00399EPSS
Exploits0References4
CVE
CVE
added 2017/02/13 6:0 p.m.37 views

CVE-2016-8659

CVE-2016-8659 affects Bubblewrap versions prior to 0.1.3. The underlying issue is that the process sets the PR_SET_DUMPABLE flag, which may allow local users to gain privileges by attaching to the PrivSep socket. The connected documents confirm the vulnerable component and the root cause, and des...

7CVSS7AI score0.00399EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2017/02/13 6:0 p.m.43 views

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7CVSS7AI score0.00399EPSS
Exploits0
ThreatPost
ThreatPost
added 2016/12/12 1:47 p.m.24 views

Alpha Version of Sandboxed Tor Browser Released

A sandboxed version of the Tor Browser was released over the weekend, and while there are still some rough edges and bugs – potentially major, according to the developer– it could be the first step toward protecting Tor users from recent de-anonymization exploits. Yawning Angel, a longtime Tor...

7AI score
Exploits0References11
CNVD
CNVD
added 2016/10/18 12:0 a.m.5 views

Project Atomic bubblewrap Local Elevation of Privilege Vulnerability

Project Atomic is a suite of software sponsored by Red Hat that supports the creation and running of applications using Linux and Docker containers. A local elevation of privilege vulnerability exists in Project Atomic bubblewrap version 0.1.2-1, which can be exploited by an attacker to gain...

7CVSS7AI score0.00399EPSS
Exploits0References1
Rows per page
Query Builder