Lucene search
K

9 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in pyxdg

A code injection issue was discovered in PyXDG before version 0.26, through crafted Python code within a Category element of a Menu XML document in a .menu file. The XDGCONFIGDIRS must be set up to trigger the xdg.Menu.parse parsing within the directory containing this file. This issue occurred d...

7.5CVSS7AI score0.02105EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-35093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypas...

8.8CVSS5.8AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/01 1:53 p.m.5 views

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

8.8CVSS5.9AI score0.00184EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29524

Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw exists in libinput that allows a local attacker to bypass security restrictions by placing a specially crafted Lua bytecode file in specific system or user configuration directories...

8.8CVSS6.2AI score0.00184EPSS
Exploits0References13
Snyk
Snyk
added 2026/04/01 12:0 a.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the luaLloadfile plugin in configuration directories. An attacker can execute unauthorized code and access sensitive information by placing a specially crafted Lua bytecode file in a system or user...

8.8CVSS6AI score0.00184EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/05/12 2:19 a.m.5 views

SUSE CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5CVSS7.2AI score0.00241EPSS
Exploits0References3
PyPA
PyPA
added 2019/06/06 7:29 p.m.7 views

PYSEC-2019-199

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5CVSS7.5AI score0.02105EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/06/06 7:29 p.m.2 views

UBUNTU-CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5CVSS7.3AI score0.02105EPSS
Exploits1References5
Debian
Debian
added 2006/05/26 8:39 a.m.10 views

[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...

7.7AI score
Exploits0
Rows per page
Query Builder