Lucene search
K

388 matches found

Fedora
Fedora
added 2018/05/22 3:9 p.m.42 views

[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28

The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the...

9.8CVSS0.4AI score0.01993EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/05/22 12:0 a.m.108 views

Procps-ng Audit Report

Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege...

7AI score0.09081EPSS
Exploits11
OSV
OSV
added 2018/05/22 12:0 a.m.33 views

DSA-4208-1 procps - security update

Bulletin has no description...

9.8CVSS7.5AI score0.09081EPSS
Exploits9
OpenVAS
OpenVAS
added 2018/05/21 12:0 a.m.68 views

Debian: Security Advisory (DSA-4208-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.09081EPSS
Exploits9References4
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.24 views

CVE-2018-1125

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat to a stack-allocated string. When pgrep is compiled with FORTIFY as on Red Hat Enterprise Linux and Fedora, the impact is limited to a crash...

7.5CVSS7AI score0.02201EPSS
Exploits5References4
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.40 views

CVE-2018-1121

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's procpidreaddir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower...

5.9CVSS6.5AI score0.04189EPSS
Exploits5References3
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.40 views

CVE-2018-1124

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code executi...

7.8CVSS6.9AI score0.01834EPSS
Exploits5References4
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.52 views

CVE-2018-1120

A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...

5.3CVSS6.7AI score0.07291EPSS
Exploits5References7
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.29 views

CVE-2018-1123

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

7.5CVSS7.1AI score0.09081EPSS
Exploits5References4
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.25 views

CVE-2018-1122

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...

7.3CVSS6.9AI score0.013EPSS
Exploits5References4
UbuntuCve
UbuntuCve
added 2018/05/17 5:0 p.m.33 views

CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124...

9.8CVSS6.8AI score0.01993EPSS
Exploits5References4
OSV
OSV
added 2018/05/17 5:0 p.m.4 views

UBUNTU-CVE-2018-1125

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat to a stack-allocated string. When pgrep is compiled with FORTIFY as on Red Hat Enterprise Linux and Fedora, the impact is limited to a crash...

7.5CVSS7AI score0.02201EPSS
Exploits5References5
OSV
OSV
added 2018/05/17 5:0 p.m.4 views

UBUNTU-CVE-2018-1124

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code executi...

7.8CVSS7.3AI score0.01834EPSS
Exploits5References5
OSV
OSV
added 2018/05/17 5:0 p.m.1 views

UBUNTU-CVE-2018-1121

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's procpidreaddir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower...

5.9CVSS6.4AI score0.04189EPSS
Exploits5References4
OSV
OSV
added 2018/05/17 5:0 p.m.3 views

UBUNTU-CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124...

9.8CVSS6.8AI score0.01993EPSS
Exploits5References5
OSV
OSV
added 2018/05/17 5:0 p.m.5 views

UBUNTU-CVE-2018-1123

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

7.5CVSS7.1AI score0.09081EPSS
Exploits5References5
OSV
OSV
added 2018/05/17 5:0 p.m.2 views

UBUNTU-CVE-2018-1122

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...

7.3CVSS7AI score0.013EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2018/05/17 12:0 a.m.3 views

PT-2018-1901

Name of the Vulnerable Software and Affected Versions procps-ng versions prior to 3.3.15 Description The issue is related to a stack buffer overflow error in the pgrep function of the procps-ng set of console applications for monitoring and terminating system processes. This error can be exploite...

9.8CVSS7.2AI score0.09081EPSS
Exploits9References75
Positive Technologies
Positive Technologies
added 2018/05/17 12:0 a.m.4 views

PT-2018-10400

Name of the Vulnerable Software and Affected Versions procps-ng versions prior to 3.3.15 Description The issue allows an unprivileged attacker to hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This is achieved through a process occupying a...

5.9CVSS6.2AI score0.04189EPSS
Exploits5References17
OSV
OSV
added 2017/10/09 1:38 p.m.8 views

SUSE-SU-2017:2674-1 Security update for Salt

This update for salt fixes one security issue and bugs: The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID bsc1053955...

9.8CVSS9.3AI score0.04629EPSS
Exploits0References7
Rows per page
Query Builder