293 matches found
CVE-2024-48991
CVE-2024-48991 affects needrestart prior to version 3.8. The issue arises from a race condition that allows a local attacker to trick needrestart into executing their own Python interpreter, leading to arbitrary code execution as root. The initial fix (commit 6ce6136) introduced a regression, whi...
CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...
CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...
CVE-2024-48990
The CVE-2024-48990 vulnerability affects needrestart prior to 3.8, where an attacker can cause root code execution by manipulating the PYTHONPATH environment variable as needrestart runs Python with elevated privileges. Public PoCs and exploits exist (e.g., PoCs and Metasploit module targeting ne...
UBUNTU-CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...
UBUNTU-CVE-2024-48991
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...
needrestart Permissions and Access Control Issues Vulnerability
needrestart is a tool by the individual developer liske for checking which daemons need to be restarted after an upgrade. A security vulnerability exists in needrestart versions prior to 3.8, which stems from a vulnerability that allows a local attacker to execute arbitrary code as root by winning a ra...
PT-2024-8542 · Unknown +3 · Needrestart +3
Name of the Vulnerable Software and Affected Versions: needrestart versions prior to 3.8. Description: The issue is related to a race condition that allows local attackers to execute arbitrary code as root by tricking needrestart into running a fake Python interpreter. This is achieved by winning ...
[SECURITY] Fedora 41 Update: rust-pyo3-0.22.4-1.fc41
Bindings to Python interpreter...
[SECURITY] Fedora 39 Update: rust-pyo3-0.22.4-1.fc39
Bindings to Python interpreter...
Cisco NX-OS Protection Mechanism Failure (CVE-2024-20286)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
Cisco NX-OS Protection Mechanism Failure (CVE-2024-20284)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CPython Security Vulnerability
CPython is a Python interpreter implemented in C from the Python Foundation. CPython has a security vulnerability that stems from susceptibility to regular expression denial-of-service attacks...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2024-20286
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20285
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20284
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...