Linux Distros Unpatched Vulnerability : CVE-2021-44038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directo...

CVE-2025-57220

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09multiTDE01 to escalate privileges to root via a crafted UDP packet...

CVE-2025-25732

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to roo...

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...

Linux Distros Unpatched Vulnerability : CVE-2024-6387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe...

Linux Distros Unpatched Vulnerability : CVE-2024-52336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...

Linux Distros Unpatched Vulnerability : CVE-2023-5536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A feature in LXD LP1829071, affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to roo...

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

CVE-2012-10041 WAN Emulator v2.3 Command Execution

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...

Ceph 安全漏洞

Ceph is a file storage platform from Ceph open source. A security vulnerability exists in Ceph versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, which stems from an unprivileged user being able to elevate to root privileges via chmod 777...

ALSA-2025:A005 Important: libblockdev security update

libblockdev is a C library supporting GObject introspection for manipulation of block devices. It has a plugin-based architecture where each technology like LVM, Btrfs, MD RAID, Swap,... is implemented in a separate plugin, possibly with multiple implementations e.g. using LVM CLI or the new LVM...

CVE-2024-28015

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2,...

CVE-2024-20277

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

CVE-2023-20224

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An...

CVE-2023-36750

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVE-2022-41578

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information...

CVE-2021-29256

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0...

CVE-2021-37074

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation...

CVE-2020-16262

Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation...

CVE-2018-7716

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...