CVE-2024-48990
- EPSS 17.59%
- Veröffentlicht 19.11.2024 18:15:21
- Zuletzt bearbeitet 03.07.2025 16:08:12
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
CVE-2024-48991
- EPSS 0.08%
- Veröffentlicht 19.11.2024 18:15:21
- Zuletzt bearbeitet 03.07.2025 16:08:31
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python...
CVE-2024-48992
- EPSS 0.2%
- Veröffentlicht 19.11.2024 18:15:21
- Zuletzt bearbeitet 03.07.2025 16:08:48
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
CVE-2024-11003
- EPSS 13.71%
- Veröffentlicht 19.11.2024 18:15:19
- Zuletzt bearbeitet 03.07.2025 16:07:46
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in...
CVE-2022-30688
- EPSS 0.04%
- Veröffentlicht 17.05.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:10
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters a...