315 matches found
USN-7117-1 Several security issues were fixed in needrestart and Module::ScanDeps
Qualys discovered that needrestart passed unsanitized data to a library (libmodule-scandeps-perl) which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-11003) Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed...
CVE-2024-48991
CVE-2024-48991 affects needrestart prior to version 3.8. The issue arises from a race condition that allows a local attacker to trick needrestart into executing their own Python interpreter, leading to arbitrary code execution as root. The initial fix (commit 6ce6136) introduced a regression, whi...
CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...
CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...
CVE-2024-48990
The CVE-2024-48990 vulnerability affects needrestart prior to 3.8, where an attacker can cause root code execution by manipulating the PYTHONPATH environment variable as needrestart runs Python with elevated privileges. Public PoCs and exploits exist (e.g., PoCs and Metasploit module targeting ne...
UBUNTU-CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...
UBUNTU-CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...
needrestart Permissions and Access Control Vulnerability
needrestart is a tool by the individual developer liske for checking which daemons need to be restarted after an upgrade. A security vulnerability exists in needrestart versions prior to 3.8 that allows a local attacker to execute arbitrary code as root by winning a ra...
PT-2024-8542 · Unknown +3 · Needrestart +3
Name of the Vulnerable Software and Affected Versions: needrestart versions prior to 3.8 Description: The issue is related to a race condition that allows local attackers to execute arbitrary code as root by tricking needrestart into running a fake Python interpreter. This is achieved by winning ...
The vulnerability of the Python programming language interpreter lies in the use of an insecure search path, which allows attackers to escalate their privileges.
The vulnerability of the Python programming language interpreter is related to the use of an unreliable search path. Exploiting this vulnerability can allow attackers to gain increased privileges...
[SECURITY] Fedora 41 Update: rust-pyo3-0.22.4-1.fc41
Bindings to Python interpreter...
[SECURITY] Fedora 39 Update: rust-pyo3-0.22.4-1.fc39
Bindings to Python interpreter...
Cisco NX-OS Protection Mechanism Failure (CVE-2024-20286)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
Cisco NX-OS Protection Mechanism Failure (CVE-2024-20284)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
The vulnerability of the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches allows a hacker to execute arbitrary commands.
The vulnerability of the Python interpreter in the Cisco NX-OS operating system of Cisco Nexus switches is related to insufficient spatial separation. Exploiting this vulnerability could allow an attacker to execute arbitrary commands in the underlying operating system...
The vulnerability of the Python programming language interpreter, related to the use of memory after it is freed, allows attackers to trigger a service failure.
The vulnerability of the Python programming language interpreter is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the `read_ints` function in the plistlib.py component of the Python interpreter, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the `read_ints` function in the plistlib.py component of the Python interpreter involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches allows a hacker to execute arbitrary commands.
The vulnerability of the Python interpreter in the Cisco NX-OS operating system of Cisco Nexus switches is related to a breach in the data protection mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands in the underlying operating system...