3217 matches found
PT-2021-5803 · Ntfs-3G +7 · Ntfs-3G +7
Name of the Vulnerable Software and Affected Versions: NTFS-3G versions prior to 2021.8.22 Description: A stack buffer overflow can occur when correcting differences in the MFT and MFTMirror, allowing for code execution or escalation of privileges when setuid-root. The vulnerability is related to...
Updated bash packages fix a security vulnerability
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root. Vulnerability Details CVEID: CVE-2016-0392 DESCRIPTION: IBM General Parallel File...
Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2016-2985 and CVE-2016-2984)
Summary Security vulnerabilities have been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow: - a local attacker to execute commands as root by setting environment variables processed by setuid programs CVE-2016-2985 - a local attacker to execute commands as root by...
Medium: libX11
Issue Overview: A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system...
SUSE: Security Advisory (SUSE-SU-2012:0682-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0547-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libX11: Heap overflow in the X input method client
A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability...
bash: when effective UID is not equal to its real UID the saved UID is not dropped
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
CVE-2020-28010
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
Design/Logic Flaw
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
CVE-2020-28010
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
UBUNTU-CVE-2020-28010
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
CVE-2020-28010
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
Privilege Escalation
Bubblewrap bwrap is vulnerable to privilege escalation. If installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root...
CVE-2021-0255
A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root use...
Information disclosure
A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permission...
CVE-2021-28250
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...
Privilege escalation
UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability onl...
CVE-2021-28250
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...