Search CVE reports


Toggle filters

1 – 5 of 5 results


CVE-2011-2473

Negligible priority
Ignored

The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe...

1 affected packages

oprofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
oprofile
Show less packages

CVE-2011-2472

Medium priority

Some fixes available 3 of 4

Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different...

1 affected packages

oprofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
oprofile
Show less packages

CVE-2011-2471

Medium priority

Some fixes available 3 of 4

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup...

1 affected packages

oprofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
oprofile
Show less packages

CVE-2011-1760

Medium priority

Some fixes available 3 of 4

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.

1 affected packages

oprofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
oprofile
Show less packages

CVE-2006-0576

Unknown priority
Fixed

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while...

1 affected packages

oprofile

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
oprofile
Show less packages