glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...

CLSA-2025-1750416241 glibc: Fix of CVE-2025-4802

CVE-2025-4802: fix untrusted LDLIBRARYPATH vulnerability in dynamically shared library loading in setuid binaries...

OESA-2025-1581 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

USN-7541-1 glibc vulnerability

It was discovered that the GNU C Library incorrectly search LDLIBRARYPATH to determine which library to load when statically linked setuid binary calls dlopen. A local attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

AZL-61873 CVE-2025-4802 affecting package glibc 2.35-10

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

GNU C Library 代码问题漏洞

The GNU C Library is an open source, free C language compiler from the GNU community released under the LGPL license. A code issue vulnerability exists in GNU C Library, which can be exploited by an attacker to cause dynamic shared library loading...

PT-2025-6761 · Unknown · Usb-Convertercable Driver

Name of the Vulnerable Software and Affected Versions: USB-CONVERTERCABLE DRIVER affected versions not specified Description: A security issue has been discovered in USB-CONVERTERCABLE DRIVER, related to the insecure loading of dynamic link libraries, which could allow local attackers to...

[SECURITY] Fedora 39 Update: rust-scx_rusty-0.5.4-2.fc39

A multi-domain, BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...

[SECURITY] Fedora 39 Update: rust-scx_rustland-0.0.3-2.fc39

A BPF component dispatcher that implements the low level sched-ext functionalities and a user-space counterpart scheduler, written in Rust, that implements the actual scheduling policy. This is used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedule...

Fedora: Security Advisory for glib2 (FEDORA-2024-635a54eb7e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-scx_rusty-0.5.4-2.fc40

A multi-domain, BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...

[SECURITY] Fedora 39 Update: glib2-2.78.6-1.fc39

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...

The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to reading data beyond the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic loading library relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...

Fedora: Security Advisory for plexus-classworlds (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

pocsuite3

This is a Python-based framework for remote vulnerability testing and proof-of-concept development, called pocsuite3. It is developed by the Knownsec 404 Team and is designed for penetration testers and security researchers. The framework comes with a powerful proof-of-concept engine and various...

Google Golang Cross-Site Scripting Vulnerability

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

PythonMemoryModule - Pure-Python Implementation Of MemoryModule Technique To Load Dll And Unmanaged Exe Entirely From Memory

"Python memory module" AI generated pic - hotpot.ai pure-python implementation of MemoryModule technique to load a dll or unmanaged exe entirely from memory What is it PythonMemoryModule is a Python ctypes porting of the MemoryModule technique originally published by Joachim Bauch. It can load a...

Path traversal

In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load module...

Google Golang 安全漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...