← Back

Needrestart Project

needrestart_project

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Needrestart
needrestart
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-48992
1Needrestart Project
1Needrestart
Nov 3, 2025
Nov 19, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment v...Show more
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.Show less
CVE-2024-48991
1Needrestart Project
1Needrestart
Nov 3, 2025
Nov 19, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (inste...Show more
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).Show less
CVE-2024-48990
1Needrestart Project
1Needrestart
Nov 3, 2025
Nov 19, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environm...Show more
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.Show less
CVE-2024-11003
1Needrestart Project
1Needrestart
Nov 3, 2025
Nov 19, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see...Show more
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.Show less
CVE-2022-30688
2Debian
Needrestart Project
2Debian Linux
Needrestart
Nov 3, 2025
May 17, 2022
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tri...Show more
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.Show less