Fedora 44 : libinput (2026-56fa441129)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-56fa441129 advisory. libinput 1.31.1, fixes Lua plugin sandbox escape CVE-2026-35093, CVE-2026-35094 Tenable has extracted the preceding description block directly from...

EUVD-2026-17909

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-35094 Libinput: libinput: information disclosure via dangling pointer in lua plugin handling

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-35094

Libinput vulnerability CVE-2026-35094: A dangling pointer flaw occurs in libinput’s Lua plugin handling. If an attacker can place a Lua plugin file in system directories and Lua plugins are enabled and loaded by the compositor, a garbage-collection cleanup can leave a pointer that is printed to s...

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-35094 Libinput: libinput: information disclosure via dangling pointer in lua plugin handling

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the Lua plugin handling. An attacker can access sensitive information by deploying a malicious Lua plugin file in specific system directories, which triggers a dangling pointer to be printed to system logs...

EUVD-2022-32676

Malicious code in bioql PyPI...

CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

CVE-2022-36044 Rizin Out-of-bounds Write vulnerability in Lua binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on t...

CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

Code injection

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

CVE-2022-28223

Tekon KIO devices (up to 2022-03-30) are affected. An authenticated admin can escalate to root by uploading a malicious Lua plugin , enabling privilege escalation with high impact. The documents do not specify exact affected versions/models, root-cause details, or a published fix. No exploitation...

CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

Tekon KIO 代码问题漏洞

Tekon KIO is a controller from the Russian company Tekon. A security vulnerability exists in the Tekon KIO device that originates from allowing an authenticated administrator user to elevate privileges to root by uploading a malicious Lua plugin...