Lucene search
K

16 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.17 views

Mageia: Security Advisory (MGASA-2018-0143)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.0042EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2019-2146)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.0042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.20 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : flatpak Vulnerability (NS-SA-2019-0042)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has flatpak packages installed that are affected by a vulnerability: - It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak...

8.8CVSS7.3AI score0.0042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/10/26 12:0 a.m.20 views

Amazon Linux 2 : flatpak (ALAS-2018-1096)

It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.CVE-2018-6560 C Tenable...

8.8CVSS7.2AI score0.0042EPSS
Exploits0References2
Amazon
Amazon
added 2018/10/24 12:0 a.m.25 views

Medium: flatpak

Issue Overview: It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.CVE-2018-65...

8.8CVSS9AI score0.0042EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/10/01 12:0 a.m.27 views

CentOS 7 : flatpak (CESA-2018:2766)

An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS7.2AI score0.0042EPSS
Exploits0References2
Cent OS
Cent OS
added 2018/09/28 4:44 p.m.573 views

flatpak security update

CentOS Errata and Security Advisory CESA-2018:2766 An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.9AI score0.0042EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.37 views

RHEL 7 : flatpak (RHSA-2018:2766)

An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS7.2AI score0.0042EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.19 views

Oracle Linux 7 : flatpak (ELSA-2018-2766)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2766 advisory. 0.8.8-4 - Add patch for CVE-2018-6560 1547376 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

8.8CVSS7.2AI score0.0042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.13 views

Scientific Linux Security Update : flatpak on SL7.x x86_64 (20180925)

Security Fixes : - flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake CVE-2018-6560 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid117786; scriptversion"1.4";...

8.8CVSS7.1AI score0.0042EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2018/09/25 12:0 a.m.50 views

flatpak security update

0.8.8-4 - Add patch for CVE-2018-6560 1547376...

8.8CVSS1.2AI score0.0042EPSS
Exploits0
OSV
OSV
added 2018/02/26 4:23 p.m.5 views

MGASA-2018-0143 Updated flatpak packages fix security vulnerability

Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...

8.8CVSS8.9AI score0.0042EPSS
Exploits0References3
Mageia
Mageia
added 2018/02/26 4:23 p.m.35 views

Updated flatpak packages fix security vulnerability

Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...

8.8CVSS2.3AI score0.0042EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/08 12:0 a.m.22 views

openSUSE Security Update : flatpak (openSUSE-2018-139)

This update for flatpak to version 0.8.9 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2018-6560: sandbox escape in the flatpak dbus proxy boo1078923 - CVE-2017-9780: Malicious apps could have included inappropriate permissions boo1078989 - old-style eavesdroppi...

8.8CVSS7.2AI score0.0042EPSS
Exploits0References5
NVD
NVD
added 2018/02/02 2:29 p.m.12 views

CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...

8.8CVSS8.6AI score0.0042EPSS
Exploits0References4
CVE
CVE
added 2018/02/02 2:0 p.m.92 views

CVE-2018-6560

CVE-2018-6560 affects Flatpak’s D-Bus proxy (dbus-proxy/flatpak-proxy.c) in Flatpak versions prior to 0.8.9, and in 0.9.x and 0.10.x prior to 0.10.3. The issue is caused by whitespace handling in the proxy not matching the daemon, enabling crafted D‑Bus messages to escape the sandbox. Practical i...

8.8CVSS8.4AI score0.0042EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder