Factory

This hub aggregates every CVE we track for Factory, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Factory.

• CVE-2022-31253openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself7.1Nov 9, 2022
• CVE-2022-31256sendmail: mail to root privilege escalation via sm-client.pre script7.7Oct 26, 2022
• CVE-2022-31251slurm: %post for slurm-testsuite operates as root in user owned directory6.5Sep 7, 2022
• CVE-2022-21946suddoers configuration for cscreen not restrictive enough5.3Mar 16, 2022
• CVE-2022-21945cscreen: usage of fixed path /tmp/cscreen.debug5.1Mar 16, 2022
• CVE-2021-45082An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substri...7.8Feb 18, 2022
• CVE-2022-21944watchman: chown in watchman@.socket unit allows symlink attack7.8Jan 26, 2022
• CVE-2021-36781parsec: dangerous 777 permissions for /run/parsec5.9Jan 14, 2022
• CVE-2021-46141An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.5.5Jan 6, 2022
• CVE-2021-46142An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.5.5Jan 6, 2022
• CVE-2021-41819CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.7.5Jan 1, 2022
• CVE-2021-41817Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.7.5Jan 1, 2022
• CVE-2021-4166Out-of-bounds Read in vim/vim7.1Dec 25, 2021
• CVE-2021-32000clone-master-clean-up: dangerous file system operations3.2Jul 28, 2021
• CVE-2021-25321arpwatch: Local privilege escalation from runtime user to root7.8Jun 30, 2021