cbcvebase.

Maynard Johnson Oprofile vulnerabilities

5 known vulnerabilities affecting maynard_johnson/oprofile.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2011-1760P3HIGHCVSS 7.2PoC≤ 0.9.6v0.1+21 more2011-06-09
CVE-2011-1760 [HIGH] CWE-94 CVE-2011-1760: utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection atta utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.
nvd
CVE-2011-2471P4HIGHCVSS 7.2≤ 0.9.6v0.1+21 more2011-06-09
CVE-2011-2471 [HIGH] CVE-2011-2471: utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell m utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
nvd
CVE-2011-2472P4MEDIUMCVSS 6.3≤ 0.9.6v0.1+21 more2011-06-09
CVE-2011-2472 [MEDIUM] CVE-2011-2472: Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
nvd
CVE-2006-0576P4HIGHCVSS 7.2≤ 0.9.1v0.1+16 more2006-02-08
CVE-2006-0576 [HIGH] CVE-2006-0576: Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerabili
nvd
CVE-2011-2473P4MEDIUMCVSS 6.3≤ 0.9.6v0.1+21 more2011-06-09
CVE-2011-2473 [MEDIUM] CVE-2011-2473: The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users t The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
nvd
Maynard Johnson Oprofile vulnerabilities | cvebase