98 matches found
PT-2026-3885
Name of the Vulnerable Software and Affected Versions openCryptoki versions 2.3.2 and above Description openCryptoki is a PKCS11 library used on Linux and AIX systems. Versions 2.3.2 and above are susceptible to symlink-following when operating in privileged contexts. A user belonging to the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001104)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001104 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by...
EUVD-2025-200300
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57850 Codeready-ws: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57850
CVE-2025-57850 describes a container privilege escalation in CodeReady Workspaces images. The root cause is that the build process creates /etc/passwd with group-writable permissions, enabling a container user (even non-root) to leverage membership in the root group to modify /etc/passwd and add ...
PT-2025-48768
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-34323
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
CVE-2025-58712 Amq: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...
Red Hat AMQ Broker 安全漏洞
Red Hat AMQ Broker is a pure Java multi-protocol message broker from Red Hat, Inc. It is built on an efficient asynchronous core with fast native logging for message persistence and unshared state replication options for high availability. A security vulnerability exists in Red Hat AMQ Broker tha...
CVE-2025-57852
A CVE is reported for KServe ModelMesh container images: a build-time /etc/passwd file created with group-writable permissions allows a non-root container user, if they are in the root group, to modify /etc/passwd and add a user with any UID (including 0), enabling full container root access. Thi...
Kaseya KServer 安全漏洞
Kaseya KServer is a central server node for a management system from Kaseya Corporation, USA. A security vulnerability exists in Kaseya KServer that stems from a container image build that creates a /etc/passwd file with group writable permissions, which could lead to elevated privileges...
Linux Distros Unpatched Vulnerability : CVE-2016-2854
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a...
GHSA-856V-8QM2-9WJV operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
SUSE CVE-2012-3512
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart plugin...
SUSE CVE-2016-1575
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
SUSE CVE-2016-2854
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
CVE-2022-31252 permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...
CVE-2022-31252
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...