RSS   Vulnerabilities for 'Setroubleshoot'   RSS

2015-03-30
 
CVE-2015-1815

 

 
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

 
2008-05-23
 
CVE-2007-5496

 

 
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.

 
 
CVE-2007-5495

 

 
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.

 


Copyright 2024, cxsecurity.com

 

Back to Top