Lucene search
+L

189 matches found

osv
osv
added 2019/06/19 8:0 p.m.4 views

USN-4024-1 evince update

As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on...

5.8AI score
Exploits0References3
osv
osv
added 2019/05/27 12:9 p.m.4 views

USN-3994-1 gnome-desktop3 vulnerability

It was discovered that gnome-desktop incorrectly confined thumbnailers. If a user were tricked into downloading a malicious image file, a remote attacker could possibly combine this issue with another vulnerability to escape the sandbox and execute arbitrary code...

9CVSS7AI score0.01952EPSS
Exploits0References2
nvd
nvd
added 2019/04/22 10:29 p.m.18 views

CVE-2019-11460

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's...

9CVSS8.4AI score0.01952EPSS
Exploits0References5
prion
prion
added 2019/04/22 10:29 p.m.22 views

Design/Logic Flaw

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's...

6.8CVSS8.3AI score0.01952EPSS
Exploits0References5Affected Software1
osv
osv
added 2019/04/22 10:29 p.m.2 views

DEBIAN-CVE-2019-11460

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's...

9CVSS7.2AI score0.01952EPSS
Exploits0References1
prion
prion
added 2019/04/22 9:29 p.m.28 views

Design/Logic Flaw

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

4.4CVSS8.3AI score0.01909EPSS
Exploits0References3Affected Software1
osv
osv
added 2019/04/22 9:29 p.m.21 views

CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

7.8CVSS9.1AI score
Exploits0References3
ubuntucve
ubuntucve
added 2019/04/22 9:29 p.m.30 views

CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

7.8CVSS6.9AI score0.00348EPSS
Exploits0References1
debiancve
debiancve
added 2019/04/22 8:26 p.m.59 views

CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

7.8CVSS8.6AI score0.00348EPSS
Exploits0
cvelist
cvelist
added 2019/04/22 8:26 p.m.39 views

CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

8.4AI score0.00348EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2019/04/22 8:26 p.m.38 views

CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

7.8CVSS8.6AI score0.00348EPSS
Exploits0
cvelist
cvelist
added 2019/04/22 8:26 p.m.42 views

CVE-2019-11460

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's...

8.4AI score0.01952EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2019/04/22 12:0 a.m.24 views

CVE-2019-11460

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's...

9CVSS6.9AI score0.01952EPSS
Exploits0References2
exploitdb
exploitdb
added 2019/02/11 12:0 a.m.80 views

Evince - CBT File Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...

7.8CVSS7.7AI score0.50826EPSS
Exploits9
packetstorm
packetstorm
added 2019/02/07 12:0 a.m.30 views

Evince CBT File Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...

6.8CVSS0.4AI score0.50826EPSS
Exploits9
zdt
zdt
added 2019/02/07 12:0 a.m.80 views

Evince CBT File Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book .cbt files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note th...

7.8CVSS0.2AI score0.50826EPSS
Exploits10
metasploit
metasploit
added 2019/02/03 5:38 a.m.68 views

Evince CBT File Command Injection

This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book .cbt files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited...

7.8CVSS0.3AI score0.50826EPSS
Exploits9
mageia
mageia
added 2018/12/06 12:10 p.m.33 views

Updated kio-extras packages fix security vulnerability

The HTML thumbnailer was incorrectly accessing some content of remote URLs listed in HTML files. This meant that the owners of the servers referred in HTML files in your system could have seen in their access logs your IP address every time the thumbnailer tried to create the thumbnail...

7.5CVSS2AI score0.01455EPSS
Exploits0References3
nvd
nvd
added 2018/11/29 9:29 p.m.17 views

CVE-2018-19120

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

7.5CVSS7.3AI score0.01455EPSS
Exploits0References2
prion
prion
added 2018/11/29 9:29 p.m.20 views

Hardcoded credentials

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

5CVSS7.3AI score0.01455EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder