CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33204 – sysstat: check_overflow() function can work incorrectly that lead to an overflow
https://notcve.org/view.php?id=CVE-2023-33204
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. A vulnerability was found in sysstat. This security flaw happens because it allows a multiplication integer overflow in check_overflow in common.c. This issue exists due to an incomplete fix for CVE-2022-39377. • https://github.com/sysstat/sysstat/pull/360 https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV https://access.redhat.com/security/cve/CVE-2023-33204 https://bugzilla.redhat.com/show_bug.cgi?id=2208270 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-19725
https://notcve.org/view.php?id=CVE-2019-19725
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. sysstat versiones hasta 12.2.0, presenta una doble liberación en la función check_file_actlst en el archivo sa_common.c. • https://github.com/sysstat/sysstat/issues/242 https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://security.gentoo.org/glsa/202007-22 https://usn.ubuntu.com/4242-1 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-16167 – sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
https://notcve.org/view.php?id=CVE-2019-16167
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. sysstat versiones anteriores a 12.1.6, presenta una corrupción de la memoria debido a un desbordamiento de enteros en la función remap_struct() en el archivo sa_common.c. An integer overflow vulnerability was found in sysstat in the way the `sadf` command processes the contents of data files created by the `sar` command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6 https://github.com/sysstat/sysstat/issues/230 https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3 https://usn.ubuntu.com/4242-1 https://access&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 21EXPL: 0CVE-2007-3852 – sysstat insecure temporary file usage
https://notcve.org/view.php?id=CVE-2007-3852
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code. El script init (sysstat.in) en sysstat versiones 5.1.2 hasta 7.1.6, crea de manera no segura el archivo /tmp/sysstat.run, lo que permite a usuarios locales ejecutar código arbitrario. • http://osvdb.org/39709 http://secunia.com/advisories/26527 http://www.redhat.com/support/errata/RHSA-2011-1005.html http://www.securityfocus.com/bid/25380 https://bugs.gentoo.org/show_bug.cgi?id=188808 https://exchange.xforce.ibmcloud.com/vulnerabilities/36045 https://access.redhat.com/security/cve/CVE-2007-3852 https://bugzilla.redhat.com/show_bug.cgi?id=251200 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •