Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 7 : flatpak-1.0.2-5.el7 (AXSA:2019-3881:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3881:02 advisory. flatpak: Sandbox bypass via IOCSTI incomplete fix for CVE-2017-5226 CVE-2019-10063 Tenable has extracted the preceding description block directly fr...

10CVSS7.2AI score0.03169EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2124

Malware in sbrugna...

9CVSS8.4AI score0.01909EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.32 views

CentOS 9 : flatpak-1.12.8-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the flatpak-1.12.8-1.el9 build changelog. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8,...

10CVSS7.1AI score0.00887EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/11/16 12:0 a.m.38 views

Oracle Linux 9 : flatpak (ELSA-2023-6518)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6518 advisory. 1.12.8-1 - Update to 1.12.8 CVE-2023-28100, CVE-2023-28101 Resolves: 2180312, 2221792 Tenable has extracted the preceding description block directly fr...

10CVSS7.1AI score0.00887EPSS
Exploits0References3
Circl
Circl
added 2023/03/16 7:30 p.m.3 views

CVE-2017-5226

creationtimestamp| type| source ---|---|--- 2023-03-16 19:30:51+00:00| seen| https://t.me/cibsecurity/60169 2026-01-08 16:43:07+00:00| seen| https://gist.github.com/sloonz/ef282a1f53366e1ed6f5cb848de015ba 2026-04-14 17:12:31+00:00| seen|...

10CVSS7.6AI score0.03169EPSS
Exploits1References3
Veracode
Veracode
added 2020/08/06 9:32 p.m.30 views

Arbitrary Code Execution

webkit2gtk is vulnerable arbitrary code execution. The vulnerability exists due to the bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg-desktop-portal, whic...

10CVSS2.7AI score0.03169EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2020/07/14 2:15 p.m.34 views

Design/Logic Flaw

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...

7.5CVSS8AI score0.03169EPSS
Exploits1References7Affected Software6
Cvelist
Cvelist
added 2020/07/14 1:7 p.m.28 views

CVE-2020-13753

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...

9.6AI score0.02917EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.36 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : flatpak Vulnerability (NS-SA-2019-0084)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has flatpak packages installed that are affected by a vulnerability: - Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by...

9CVSS7.3AI score0.01909EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/05/31 12:0 a.m.35 views

Amazon Linux 2 : flatpak (ALAS-2019-1219)

Flatpak allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox...

10CVSS7.1AI score0.03169EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.33 views

CentOS 7 : flatpak (CESA-2019:1024)

An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

10CVSS7.1AI score0.03169EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2019/05/14 12:0 a.m.81 views

CentOS Update for flatpak CESA-2019:1024 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.1AI score0.03169EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/05/09 12:0 a.m.36 views

Scientific Linux Security Update : flatpak on SL7.x x86_64 (20190508)

Security Fixes : - flatpak: Sandbox bypass via IOCSTI incomplete fix for CVE-2017-5226 CVE-2019-10063 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid124705; scriptversion"1.4";...

10CVSS7AI score0.03169EPSS
Exploits1References3
Prion
Prion
added 2019/03/26 2:29 p.m.22 views

Design/Logic Flaw

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the...

6.8CVSS7.3AI score0.03169EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2017/03/29 8:59 p.m.26 views

CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...

10CVSS6.9AI score0.03169EPSS
Exploits1References2
OSV
OSV
added 2017/03/29 8:59 p.m.32 views

CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...

10CVSS6.6AI score
Exploits0References7
OSV
OSV
added 2017/03/29 8:59 p.m.2 views

DEBIAN-CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...

10CVSS7AI score0.03169EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/03/29 12:0 a.m.25 views

CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...

9.1AI score0.03169EPSS
Exploits1References7
CVE
CVE
added 2017/03/29 12:0 a.m.150 views

CVE-2017-5226

CVE-2017-5226 is described across connected docs as a bubblewrap sandbox escape via TIOCSTI: a nonprivileged session could push characters into the terminal input buffer to escape the sandbox. Related entries (e.g., CVE-2020-13753) note this as part of a family using TIOCSTI and CLONE_NEWUSER, hi...

10CVSS7.6AI score0.03169EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2017/03/29 12:0 a.m.32 views

CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...

10CVSS7.5AI score0.03169EPSS
Exploits1
Rows per page
Query Builder