CVSS: 10.0EPSS: 29%CPEs: 2EXPL: 5CVE-2015-1815 – Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1815
26 Mar 2015 — The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. La función get_rpm_nvr_by_file_path_temporary en util.py en setroubleshoot anterior a 3.2.22 permite a atacantes remotos ejecutar cpmandos arbitrarios a través de metacaracteres de shell en el nombre de un fichero. It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs assoc... • https://www.exploit-db.com/exploits/36564 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5495 – setroubleshoot insecure logging
https://notcve.org/view.php?id=CVE-2007-5495
23 May 2008 — sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. Vulnerabilidad en sealert in setroubleshoot 2.0.5, permite a los usuarios locales sobrescribir ficheros arbitrarios a través de un ataque mediate enlace simbólico en el fichero temporal sealert.log • http://secunia.com/advisories/30339 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5496 – setroubleshoot log injection
https://notcve.org/view.php?id=CVE-2007-5496
23 May 2008 — Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert. Vulnerabilidad de ejecución de código en sitios cruzados en setroubleshoot 2.0.5, permite a usuarios locales inyectar código web oi HTMl a através de (1) un fichero o (2) un nombre de proceso, con disparadores en la entrad... • http://secunia.com/advisories/30339 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •