Lucene search
+L

124 matches found

Cvelist
Cvelist
added 2026/03/26 2:56 p.m.49 views

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

5.5CVSS0.00131EPSS
Exploits0References2
Veracode
Veracode
added 2026/03/16 3:11 p.m.9 views

Improper Privilege Management

github.com/lxc/incus is vulnerable to Improper Privilege Management. The vulnerability is due to improper handling of custom storage volumes with the security.shifted property, which allows an attacker with root access inside a container to create a setuid binary that can be executed on the host ...

8.6CVSS5.8AI score0.00164EPSS
Exploits1References4Affected Software2
EUVD
EUVD
added 2026/03/05 3:31 a.m.5 views

EUVD-2026-9513

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00148EPSS
Exploits1References3
NVD
NVD
added 2026/03/05 1:15 a.m.11 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.00148EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/05 12:53 a.m.2 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00139EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/05 12:53 a.m.33 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.00139EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:48 a.m.4 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00148EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/05 12:48 a.m.38 views

CVE-2026-29121 `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.00148EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.9 views

PT-2026-23099

Name of the Vulnerable Software and Affected Versions IDC SFX2100 satellite receiver affected versions not specified Description The IDC SFX2100 satellite receiver includes the /bin/date utility installed with the setuid bit set. This configuration allows any local user who can execute the binary...

9.2CVSS5.9AI score0.00139EPSS
Exploits1References7
CISA KEV Catalog
CISA KEV Catalog
added 2026/01/26 12:0 a.m.8 views

Linux Kernel Integer Overflow Vulnerability

Linux Kernel contains an integer overflow vulnerability in the createelftables function which could allow an unprivileged local user with access to SUID or otherwise privileged binary to escalate their privileges on the system...

7.8CVSS7.3AI score0.14806EPSS
In wildExploits6
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-28661

Name of the Vulnerable Software and Affected Versions polkit affected versions not specified Description A flaw exists in polkit where a local user can trigger a denial of service. This occurs by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References32
GithubExploit
GithubExploit
added 2025/12/30 7:27 a.m.182 views

VAPT-Task-3-PTES

VAPT Task-3 – Advanced Exploitation & PTES Report 👤 Author...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.19 views

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

8.1CVSS7.1AI score0.00257EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.12 views

CVE-2025-57489

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

0.00257EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.4 views

PT-2025-48483

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...

7.1AI score0.00257EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/13 4:4 p.m.3 views

EUVD-2025-50816

Incus vulnerable to local privilege escalation through custom storage volumes...

8.6CVSS6AI score0.00164EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/13 4:4 p.m.8 views

Incus vulnerable to local privilege escalation through custom storage volumes

Impact This affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would ...

8.6CVSS5.8AI score0.00164EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/11 6:18 a.m.5 views

CVE-2025-64507

An issue in Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be systems...

8.6CVSS6.7AI score0.00164EPSS
Exploits1References6
Snyk
Snyk
added 2025/11/10 10:43 p.m.3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to the process handling custom storage volumes with the security.shifted property set to true. An attacker can gain elevated privileges on the host system by creating a custom storage volume, writing a...

8.6CVSS6.6AI score0.00164EPSS
Exploits1References3
OSV
OSV
added 2025/11/10 10:15 p.m.5 views

UBUNTU-CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS5.8AI score0.00164EPSS
Exploits1References5
Rows per page
Query Builder