CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-5218
https://notcve.org/view.php?id=CVE-2015-5218
09 Nov 2015 — Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. Desbordamiento de buffer en text-utils/colcrt.c en colcrt en util-linux en versiones anteriores a 2.27 permite a usuarios locales causar una denegación de servicio (caída) a través de un archivo manipulado, relacionado con la variable page global. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-9114 – Gentoo Linux Security Advisory 201612-14
https://notcve.org/view.php?id=CVE-2014-9114
30 Mar 2015 — Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Blkid en util-linux en versiones anteriores a 2.26rc-1 permite a usuarios locales ejecutar código arbitrario. Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and other bugs. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0157 – util-linux: mount folder existence information disclosure
https://notcve.org/view.php?id=CVE-2013-0157
21 Jan 2014 — (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. (a) mount y (b) unmount en util-linux 2.14.1, 2.17.2, y probablemente otras versiones permite a usuarios locales determinar la existencia de directorios restringidos median... • http://bugs.debian.org/697464 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
04 Oct 2007 — mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 • CWE-252: Unchecked Return Value •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2001-1494
https://notcve.org/view.php?id=CVE-2001-1494
31 Dec 2001 — script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. • http://seclists.org/bugtraq/2001/Dec/0122.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •