CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

UBUNTU-CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

EUVD-2025-25276

Malicious code in bioql PyPI...

Race Condition within a Thread

Overview Affected versions of this package are vulnerable to Race Condition within a Thread via the Autoupdate helper tool. A local unprivileged attacker can gain elevated privileges by sending a very well-timed XPC message and connect to the daemon when it is spawned as root and requesting...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

MCSManager Panel 安全漏洞

MCSManager Panel is an open source game server administration panel from MCSManager. A security vulnerability exists in MCSManager Panel version 10.5.3, which stems from a daemon running as root by default and sensitive data being readable by all users, which may result in elevated privileges...

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVE-2025-8453

CVE-2025-8453 describes a CWE-269 vulnerability in Schneider Electric Saitel DR RTU (and related RTU products) where a privileged engineer with console access can modify a configuration file used by a root‑level daemon to execute scripts, enabling privilege escalation and potential arbitrary code...

PT-2025-34053 · Unknown · Root-Level Daemon

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A CWE-269: Improper Privilege Management issue exists that may lead to privilege escalation and arbitrary code execution. This occurs when a privileged engineer user with console access modifies a...

PYSEC-2024-248

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...

CVE-2017-1000203

ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...

Use-After-Free Vulnerability in pcsc-lite

Peter Wu on Openwall mailing-list reports: The issue allows a local attacker to cause a Denial of Service, but can potentially result in Privilege Escalation since the daemon is running as root. while any local user can connect to the Unix socket. Fixed by patch which is released with hpcsc-lite...