14 matches found
SUSE CVE-2026-35535
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...
Linux Distros Unpatched Vulnerability : CVE-2006-4447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attemptin...
Pleaser privilege escalation vulnerability
please aka pleaser through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited. Here is how to see it in action: $ cd "$(mktemp -d)" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd...
RUSTSEC-2023-0066 Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX
please is vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX on systems where they are not disabled. Here is how to see it in action: $ cd "$(mktemp -d)" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd please/ $ git rev-parse HEAD...
SUSE CVE-2012-1187
Bitlbee does not drop extra group privileges correctly in unix.c...
Security update for avahi (important)
openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2021:1845-1 Rating: important References: 1180827 1184521 Cross-References: CVE-2021-26720 CVE-2021-3468 CVSS scores: CVE-2021-26720 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26720 SUSE: 7.8...
SUSE: Security Advisory (SUSE-SU-2021:1845-1)
The remote host is missing an update for the...
zsh security update
4.3.11-11 - improve printing of error messages introduced by the fix of CVE-2019-20044 4.3.11-10 - drop privileges securely when unsetting PRIVILEGED option CVE-2019-20044...
QNX 6.4.x / 6.5.x /etc/shadow Disclosure
QNX 6.4.x/6.5.x pppoectl disclose /etc/shadow by cenobyte 2013 - vulnerability description: QNX setuid root /sbin/pppoectl allows any user to gain access to privileged information such as the root password hash. The vulnerability exists because of a failure to drop privileges or check the...
qemu: when started as root, extra groups are not dropped correctly
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host...
TOR Privilege Escalation Vulnerability (Windows)
This host is installed with TOR and is prone to Privilege Escalation vulnerability. OpenVAS Vulnerability Test $Id: secpodtorprivilegeescalationwin.nasl 5370 2017-02-20 15:24:26Z cfi $ TOR Privilege Escalation Vulnerability Windows Authors: Sujit Ghosal Copyright c 2008 SecPod,...
CVE-2005-0070
Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files...
DSA-428 slocate - buffer overflow
Bulletin has no description...
IBM AIX nslookup fails to drop root privileges
Overview The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. Description The nslookup program fails to drop the privileges it gains from being setuid. This access appears to be needed to read the "/etc/resolv.conf" file. This problem was described in I...