Qualys discovered that needrestart passed unsanitized data to a library (libmodule-scandeps-perl) which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH environment variable to spawn a new Python interpreter. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-48990)
Qualys discovered that needrestart incorrectly checked the path to the Python interpreter. A local attacker could possibly use this issue to win a race condition and execute arbitrary code as root. (CVE-2024-48991)
Qualys discovered that needrestart incorrectly used the RUBYLIB environment variable to spawn a new Ruby interpreter. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-48992)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.31-1ubuntu0.1", "binary_name": "libmodule-scandeps-perl" } ] }
{ "ecosystem": "Ubuntu:22.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.5-5ubuntu2.2", "binary_name": "needrestart" } ] }
{ "ecosystem": "Ubuntu:22.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.35-1ubuntu0.24.04.1", "binary_name": "libmodule-scandeps-perl" } ] }
{ "ecosystem": "Ubuntu:24.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.6-7ubuntu4.3", "binary_name": "needrestart" } ] }
{ "ecosystem": "Ubuntu:24.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.20-1ubuntu0.1~esm1", "binary_name": "libmodule-scandeps-perl" } ] }
{ "ecosystem": "Ubuntu:Pro:16.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "2.6-1ubuntu0.1~esm1", "binary_name": "needrestart" } ] }
{ "ecosystem": "Ubuntu:Pro:16.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.24-1ubuntu0.1~esm1", "binary_name": "libmodule-scandeps-perl" } ] }
{ "ecosystem": "Ubuntu:Pro:18.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "3.1-1ubuntu0.1+esm1", "binary_name": "needrestart" } ] }
{ "ecosystem": "Ubuntu:Pro:18.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.27-1ubuntu0.1~esm1", "binary_name": "libmodule-scandeps-perl" } ] }
{ "ecosystem": "Ubuntu:Pro:20.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "3.4-6ubuntu0.1+esm1", "binary_name": "needrestart" } ] }
{ "ecosystem": "Ubuntu:Pro:20.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-10224" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2024-11003" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48990" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48991" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2024-48992" } ] }