Vserver : Security Vulnerabilities, CVEs, CVSS score >= 4
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-04-06
Updated
2008-09-05
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.
Max CVSS
7.5
EPSS Score
0.04%
Published
2005-12-31
Updated
2017-07-20
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
Max CVSS
6.2
EPSS Score
0.04%
Published
2005-03-07
Updated
2017-10-11
Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408.
Max CVSS
10.0
EPSS Score
0.53%
Published
2004-12-31
Updated
2008-09-05
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
Max CVSS
5.0
EPSS Score
0.04%
Published
2003-12-31
Updated
2008-09-05
5 vulnerabilities found