Lucene search
+L

93 matches found

osv
osv
added 2018/10/03 12:0 a.m.5 views

UBUNTU-CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

5.5CVSS6.8AI score0.0035EPSS
Exploits0References15
cve
cve
added 2018/07/26 7:0 p.m.287 views

CVE-2017-18344

CVE-2017-18344 affects the Linux kernel before 4.14.8. The timer_create syscall in kernel/time/posix-timers.c fails to validate sigevent->sigev_notify, causing out-of-bounds access in show_timer when /proc/$PID/timers is read and enabling a local user to read arbitrary kernel memory on builds ...

5.5CVSS6.1AI score0.03228EPSS
Exploits8References15Affected Software1
nvd
nvd
added 2018/06/13 8:29 p.m.27 views

CVE-2018-1121

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's procpidreaddir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower...

5.9CVSS5.4AI score0.04189EPSS
Exploits5References5
packetstorm
packetstorm
added 2018/05/22 12:0 a.m.109 views

Procps-ng Audit Report

Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege...

7AI score0.09081EPSS
Exploits11
opensuse
opensuse
added 2017/05/31 12:9 p.m.77 views

Security update for sudo (important)

This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

7.2AI score0.08018EPSS
Exploits8References4
nessus
nessus
added 2017/05/31 12:0 a.m.38 views

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1446-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

6.9CVSS7.3AI score0.08018EPSS
Exploits8References7
nessus
nessus
added 2017/05/31 12:0 a.m.17 views

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1450-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

6.9CVSS7.3AI score0.08018EPSS
Exploits8References7
nessus
nessus
added 2017/05/31 12:0 a.m.72 views

Ubuntu 14.04 LTS / 16.04 LTS : Sudo vulnerability (USN-3304-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3304-1 advisory. It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker i...

6.9CVSS7.3AI score0.08018EPSS
Exploits8References2
ubuntucve
ubuntucve
added 2017/05/30 3:0 p.m.38 views

CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...

6.9CVSS7AI score0.08018EPSS
Exploits8References4
ubuntucve
ubuntucve
added 2017/02/09 12:0 a.m.30 views

CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty null write to this file can crash the system by causing the system to attempt to access unmapped kernel memory...

5.5CVSS6.7AI score0.00459EPSS
Exploits0References4
debiancve
debiancve
added 2016/01/22 3:0 p.m.51 views

CVE-2016-1572

mount.ecryptfsprivate.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid...

8.4CVSS8.3AI score0.00368EPSS
Exploits0
nessus
nessus
added 2014/07/22 12:0 a.m.26 views

RHEL 6 : kernel-rt (RHSA-2012:0061)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0061 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found...

6.9CVSS7.6AI score0.10904EPSS
Exploits11References5
nessus
nessus
added 2013/01/24 12:0 a.m.37 views

RHEL 5 : kernel (RHSA-2011:1813)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1813 advisory. - kernel: sctp dos CVE-2011-2482 - kernel: rpc task leak after flocking NFS share CVE-2011-2491 - kernel: /proc/PID/io infoleak CVE-2011-249...

7.8CVSS7.6AI score0.03769EPSS
Exploits2References14
nessus
nessus
added 2012/08/01 12:0 a.m.46 views

Scientific Linux Security Update : kernel on SL6.x i386/x86_64

Security issues : - Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue ca...

8.3CVSS7.1AI score0.01974EPSS
Exploits8References15
openvas
openvas
added 2012/03/16 12:0 a.m.29 views

Ubuntu Update for linux USN-1336-1

Ubuntu Update for Linux kernel vulnerabilities USN-1336-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13361.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux USN-1336-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

6.9CVSS7.1AI score0.10904EPSS
Exploits11References2
openvas
openvas
added 2012/03/16 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-1336-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.10904EPSS
Exploits18References2
securityvulns
securityvulns
added 2012/02/15 12:0 a.m.98 views

[USN-1364-1] Linux kernel (OMAP4) vulnerabilities

========================================================================== Ubuntu Security Notice USN-1364-1 February 13, 2012 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

7.8CVSS0.3AI score0.20492EPSS
Exploits18
openvas
openvas
added 2012/02/01 12:0 a.m.34 views

Ubuntu: Security Advisory (USN-1342-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS7AI score0.10904EPSS
Exploits11References2
nvd
nvd
added 2012/01/27 3:55 p.m.21 views

CVE-2012-0056

The memwrite function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper...

6.9CVSS6.3AI score0.10904EPSS
Exploits11References14
prion
prion
added 2012/01/27 3:55 p.m.38 views

Input validation

The memwrite function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper...

6.9CVSS6.9AI score0.10904EPSS
Exploits11References14Affected Software1
Rows per page
Query Builder