Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11461

Опубликовано: 22 апр. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.4
CVSS3: 7.8

Описание

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

РелизСтатусПримечание
bionic

not-affected

code not present
cosmic

not-affected

code not present
devel

released

1:3.32.1-0ubuntu1
disco

released

1:3.32.1-0ubuntu0.19.04.0
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needs-triage]
esm-infra/bionic

not-affected

code not present
esm-infra/xenial

not-affected

code not present
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 18%
0.00056
Низкий

4.4 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-11461

CVSS3: 4
redhat
почти 7 лет назад

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

nvd логотип

CVE-2019-11461

CVSS3: 7.8
nvd
почти 7 лет назад

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

debian логотип

CVE-2019-11461

CVSS3: 7.8
debian
почти 7 лет назад

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.3 ...

github логотип

GHSA-jjgg-8c74-rh96

CVSS3: 7.8
github
больше 3 лет назад

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

suse-cvrf логотип

openSUSE-SU-2019:2038-1

suse-cvrf
больше 6 лет назад

Security update for flatpak

EPSS

Процентиль: 18%
0.00056
Низкий

4.4 Medium

CVSS2

7.8 High

CVSS3