Lucene search
+L

93 matches found

Debian CVE
Debian CVE
added 2021/09/19 4:2 p.m.44 views

CVE-2021-41073

looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation...

7.8CVSS7AI score0.01719EPSS
Exploits2
NVD
NVD
added 2021/06/11 3:15 a.m.21 views

CVE-2021-25682

It was discovered that the getpidinfo function in data/apport did not properly parse the /proc/pid/status file from the kernel...

8.8CVSS0.00453EPSS
Exploits1References1
NVD
NVD
added 2021/05/10 7:15 p.m.20 views

CVE-2020-28588

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...

5.5CVSS0.011EPSS
Exploits1References1
CVE
CVE
added 2021/05/10 6:54 p.m.249 views

CVE-2020-28588

The CVE-2020-28588 information disclosure exists in the Linux Kernel /proc/pid/syscall interface for 5.1 Stable through 5.4.66, introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and still present in 5.10-rc4. An attacker can read /proc/pid/syscall to trigger memory contents...

5.5CVSS5.6AI score0.011EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2021/05/10 6:54 p.m.66 views

CVE-2020-28588

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...

5.5CVSS4.2AI score0.011EPSS
Exploits1
NVD
NVD
added 2020/04/28 12:15 a.m.24 views

CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...

3.3CVSS4AI score0.00523EPSS
Exploits2References11
Talos
Talos
added 2020/04/27 12:0 a.m.392 views

Linux Kernel /proc/pid/syscall information disclosure vulnerability

Summary An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...

5.5CVSS5.5AI score0.011EPSS
Exploits1
Veracode
Veracode
added 2020/04/10 1:1 a.m.41 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as /proc/PID/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to...

2.1CVSS3AI score0.00483EPSS
Exploits1References10Affected Software2
Veracode
Veracode
added 2020/04/10 12:55 a.m.40 views

Information Disclosure

kernel is vulnerable to information disclosure. An information leak was found in the Linux kernel's taskshowregs implementation. On IBM S/390 systems, a local, unprivileged user could use this flaw to read /proc/PID/status files, allowing them to discover the CPU register values of processes...

2.1CVSS2.7AI score0.004EPSS
Exploits0References14Affected Software1
Prion
Prion
added 2020/03/11 7:15 p.m.29 views

Race condition

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

3.7CVSS5.2AI score0.004EPSS
Exploits1References8Affected Software6
UbuntuCve
UbuntuCve
added 2020/03/11 7:15 p.m.31 views

CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6.7AI score0.004EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2020/03/11 6:47 p.m.26 views

CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6.7AI score0.004EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2019/10/29 12:0 a.m.28 views

CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...

3.3CVSS5.8AI score0.00523EPSS
Exploits2References3
OSV
OSV
added 2019/10/29 12:0 a.m.7 views

UBUNTU-CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through getpidinfo in data/apport. An unprivileged user could exploit this to read information about a privileged...

3.3CVSS5.8AI score0.00523EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2019/08/13 3:18 p.m.3 views

kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...

5.5CVSS7.3AI score0.0035EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/05/07 12:0 a.m.30 views

Ubuntu 16.04 LTS : Sudo vulnerabilities (USN-3968-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3968-1 advisory. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...

8.2CVSS7.5AI score0.00573EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/04/23 2:31 p.m.4 views

kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...

5.5CVSS7.3AI score0.0035EPSS
Exploits0References4
NVD
NVD
added 2019/04/12 12:29 a.m.32 views

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

4.7CVSS5.8AI score0.00485EPSS
Exploits1References12
Debian CVE
Debian CVE
added 2019/04/11 11:6 p.m.43 views

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

4.7CVSS6.3AI score0.00485EPSS
Exploits1
OSV
OSV
added 2018/10/03 10:29 p.m.2 views

DEBIAN-CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

5.5CVSS6.2AI score0.0035EPSS
Exploits0References1
Rows per page
Query Builder