Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bubblewrap vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2020-9843
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web con...
Apple Icloud
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
1 Article
790
VMScore
CVE-2020-9850
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code ...
Apple Icloud
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
1 Metasploit module
1 Article
756
VMScore
CVE-2020-5291
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root pe...
Projectatomic Bubblewrap
Debian Debian Linux 10.0
Archlinux Arch Linux -
Centos Centos 7.0
642
VMScore
CVE-2005-4890
There is a possible tty hijacking in shadow 4.x prior to 4.1.5 and sudo 1.x prior to 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next proces...
Debian Shadow
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 5
Redhat Enterprise Linux 4
Redhat Enterprise Linux 6.0
2 Github repositories
409
VMScore
CVE-2019-12439
bubblewrap.c in Bubblewrap prior to 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
Projectatomic Bubblewrap
605
VMScore
CVE-2019-11460
An issue exists in GNOME gnome-desktop 3.26, 3.28, and 3.30 before 3.30.2.2, and 3.32 before 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer...
Gnome Gnome-desktop 3.28.0
Gnome Gnome-desktop 3.26.0
Gnome Gnome-desktop
392
VMScore
CVE-2019-11461
An issue exists in GNOME Nautilus 3.30 before 3.30.6 and 3.32 before 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal...
Gnome Nautilus
668
VMScore
CVE-2017-5226
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an malicious user to escape the sandbox.
Projectatomic Bubblewrap
3 Github repositories
614
VMScore
CVE-2016-8659
Bubblewrap prior to 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
Bubblewrap Project Bubblewrap
189
VMScore
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Gnu Coreutils
7 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »