CVE-2019-20327

Insecure permissions in cwrapperperl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. cwrapperperl is a setuid executable allowing execution of Perl scripts with root privileges...

CVE-2015-7556

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program...

Design/Logic Flaw

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program...

CVE-2015-7556

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program...

Privilege escalation

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code...

DEBIAN-CVE-2012-3490

The 1 mypopenvimpl and 2 myspawnv functions in src/condorutils/mypopen.cpp and the 3 systemCommand function in condorvm-gahp/vmgahpcommon.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created...

CVE-2019-19544

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life EOL status on April 1, 201...

CVE-2019-19882

A flaw was found in shadow-utils. When compiled with --with-libpam, but without explicitly passing --disable-account-tools-setuid and suitable PAM configurations, a local user could obtain root access due to setuid being misconfigured. The highest threat from this vulnerability is to file...

Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected where the local attacker can obtain root privilege by injecting parameters into setuid files (CVE-2019-4558)

Summary The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale where one can obtain root privilege by injecting parameters into setuid files. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2019-4558 DESCRIPTION: A security vulnerability has be...

UBUNTU-CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation...

CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...

DEBIAN-CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...

CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...

Design/Logic Flaw

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...

CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...

CVE-2019-19882

CVE-2019-19882 affects Shadow 4.8 when built with --with-libpam but without --disable-account-tools-setuid and without a PAM config compatible with setuid tools, enabling local users to escalate to root via account-management utilities (groupadd, groupdel, groupmod, useradd, userdel, usermod). Th...

CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...

[ASA-201912-4] shadow: privilege escalation

Arch Linux Security Advisory ASA-201912-4 ========================================= Severity: High Date : 2019-12-18 CVE-ID : CVE-2019-19882 Package : shadow Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1079 Summary ======= The package shadow before version...

CVE-2017-8284

The disasinsn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...

CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LDLIBRARYPATH in setuid programs can be defeated by setting a very small RLIMITDATA resource limit. When executing chpass or passwd which are setuid root, dlsetupenv in ld.so tries to strip LDLIBRARYPATH from the...