CVSS: 9.8 • EPSS: 4% • CPEs: 2 • EXPL: 0

23 Aug 2017 — The mkostemp function in login-utils in util-linux, when used incorrectly, allows remote attackers to cause file name collision and possibly other attacks. • http://www.openwall.com/lists/oss-security/2015/08/24/3

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

21 Jul 2017 — rkhunter versions before 1.4.4 are vulnerable to file download over an insecure channel when doing a mirror update, resulting in potential remote code execution. A vulnerability has been found in Rootkit Hunter that allows a remote attacker to execute arbitrary code. Versions less than 1.4.6 are affected. • http://seclists.org/oss-sec/2017/q2/643 • CWE-300: Channel Accessible by Non-Endpoint • CWE-417: Communication Channel Errors

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Feb 2017 — runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. • http://www.openwall.com/lists/oss-security/2016/02/27/1 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.9 • EPSS: 0% • CPEs: 19 • EXPL: 0

04 Nov 2016 — The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. • http://rhn.redhat.com/errata/RHSA-2016-2605.html

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

09 Nov 2015 — Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Mar 2015 — Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and other bugs. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2014 — The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image. • https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-bypasses-signature-verification-cve-2014-4325 • CWE-287: Improper Authentication

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2014 — The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. • http://source.android.com/security/bulletin/2016-07-01.html • CWE-287: Improper Authentication

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2014 — The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. • http://source.android.com/security/bulletin/2016-07-01.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Jan 2014 — (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. • http://bugs.debian.org/697464 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor