Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Selinux Security Vulnerabilities

cve
cve

CVE-2011-3151

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.

5.9CVSS

5.5AI Score

0.001EPSS

2019-04-22 04:29 PM
24
cve
cve

CVE-2015-3170

selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.

5.5CVSS

5.3AI Score

0.0004EPSS

2017-07-21 02:29 PM
18
cve
cve

CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

8.8CVSS

8.5AI Score

0.0004EPSS

2017-01-19 08:59 PM
216
cve
cve

CVE-2018-1063

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fr...

4.4CVSS

4.4AI Score

0.0004EPSS

2018-03-02 03:29 PM
178
cve
cve

CVE-2020-10751

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages wi...

6.1CVSS

6.7AI Score

0.001EPSS

2020-05-26 03:15 PM
342
cve
cve

CVE-2020-1690

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, t...

6.5CVSS

6.4AI Score

0.0004EPSS

2021-06-07 08:15 PM
28
6
cve
cve

CVE-2021-36084

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).

3.3CVSS

4.1AI Score

0.001EPSS

2021-07-01 03:15 AM
156
7
cve
cve

CVE-2021-36085

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).

3.3CVSS

4.1AI Score

0.001EPSS

2021-07-01 03:15 AM
176
8
cve
cve

CVE-2021-36086

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

3.3CVSS

4.1AI Score

0.001EPSS

2021-07-01 03:15 AM
163
5
cve
cve

CVE-2021-36087

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

3.3CVSS

4.1AI Score

0.001EPSS

2021-07-01 03:15 AM
147
5