Lucene search
K

91 matches found

OSV
OSV
added 2023/05/25 12:0 a.m.37 views

UBUNTU-CVE-2023-1523

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...

10CVSS5.9AI score0.01447EPSS
Exploits1References5
Veracode
Veracode
added 2023/04/28 2:53 a.m.28 views

Improper Input Validation

flatpak is vulnerable to Improper Input Validation. Vulnerability allows copied text from a linux virtual console to be run after flatpak app is closed resulting in improper input validation...

10CVSS6.6AI score0.00871EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/02 12:0 a.m.34 views

SUSE SLES15: flatpak / flatpak-devel / flatpak-zsh-completion / libflatpak0 / etc (SUSE-SU-2023:1713-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1713-1 advisory. - CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes bsc1209410. - CVE-2023-28100: Fixed...

10CVSS6.7AI score0.00887EPSS
Exploits0References7
OSV
OSV
added 2023/03/24 5:55 a.m.6 views

MGASA-2023-0115 Updated flatpak packages fix security vulnerability

If a malicious Flatpak app is run on a Linux virtual console such as /dev/tty1, it can copy text from the virtual console and paste it back into the virtual console's input buffer, from which the command might be run by the user's shell after the Flatpak app has exited. This is similar to...

10CVSS7AI score0.00887EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.26 views

Fedora 38 : flatpak (2023-508e400dec)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-508e400dec advisory. Update to 1.15.4 Fix CVE-2023-28100 and CVE-2023-28101 Tenable has extracted the preceding description block directly from the Fedora security...

10CVSS7.1AI score0.00887EPSS
Exploits0References3
Prion
Prion
added 2023/03/16 4:15 p.m.24 views

Command injection

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...

1.7CVSS7.6AI score0.03169EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/16 3:51 p.m.33 views

CVE-2023-28100 TIOCLINUX can send commands outside sandbox if running on a virtual console

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...

10CVSS6.9AI score0.00871EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/03/16 3:51 p.m.24 views

CVE-2023-28100

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...

10CVSS8.3AI score0.00871EPSS
Exploits0
Cvelist
Cvelist
added 2023/03/16 3:51 p.m.28 views

CVE-2023-28100 TIOCLINUX can send commands outside sandbox if running on a virtual console

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux...

10CVSS9.3AI score0.00871EPSS
Exploits0References4
CVE
CVE
added 2023/03/16 3:51 p.m.128 views

CVE-2023-28100

CVE-2023-28100 affects Flatpak on Linux prior to versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. The root cause involves using the TIOCLINUX ioctl on Linux virtual consoles (e.g., /dev/tty1) which can allow a Flatpak app running in a console to copy text from the console into the command buffer and ...

10CVSS7.9AI score0.00871EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2023/03/02 2:33 p.m.30 views

CVE-2023-23039

A race condition leading to a use-after-free vulnerability was found in the Linux kernel's Sun Virtual Console Concentrator VCC. This issue can result in a system crash or potential code execution if a physically proximate attacker removes a VCC device while calling open...

6.4CVSS6AI score0.00212EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.1 views

SUSE CVE-2012-3515

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."...

7.2CVSS6.9AI score0.00528EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.4 views

SUSE CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIRDOMAINXMLMIGRATABLE flag, which triggers the use of the VIRDOMAINXMLSECURE flag...

5CVSS7.1AI score0.01905EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/05 3:52 p.m.6 views

kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures...

6.1CVSS6.9AI score0.00413EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/05 3:11 p.m.6 views

kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures...

6.1CVSS6.9AI score0.00413EPSS
Exploits0References4
Hewlett-Packard
Hewlett-Packard
added 2022/03/03 12:0 a.m.69 views

HP ThinPro Linux Escalation of Privilege

A potential security vulnerability, known as PwnKit, has been identified in all versions of HP ThinPro OS, which might allow local escalation of privilege. For customers who cannot upgrade to HP ThinPro 7.2 and apply the patch, the following mitigation steps prevent nonprivileged customers from...

7.8CVSS2.8AI score0.94921EPSS
Exploits152
Microsoft CVE
Microsoft CVE
added 2022/03/01 8:0 a.m.3 views

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.

...

4.7CVSS7.2AI score0.00364EPSS
Exploits1
CNVD
CNVD
added 2021/07/30 12:0 a.m.18 views

Dell EMC iDRAC9 improper authentication vulnerability

Dell EMC iDRAC9 is an integrated Dell Remote Access Controller that helps IT administrators deploy, update, monitor and maintain servers without installing any additional software.Dell EMC iDRAC9 has an improper authentication vulnerability. An attacker could use this vulnerability to gain...

7.5CVSS4.2AI score0.01726EPSS
Exploits0
NVD
NVD
added 2021/07/29 4:15 p.m.11 views

CVE-2021-21538

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console...

10CVSS0.01726EPSS
Exploits0References1
Prion
Prion
added 2021/07/29 4:15 p.m.23 views

Authentication flaw

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console...

7.5CVSS9.7AI score0.01726EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder