
121 matches found

OSV
added 2024/07/23 4:15 p.m. · 26 views

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVSS 7.8 · AI score 6.8 · EPSS 0.00263
Exploits 1 · References 3
Vulnrichment
added 2024/07/23 3:46 p.m. · 10 views

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVSS 8.8 · AI score 6.7 · EPSS 0.00263
Exploits 1 · References 3
Cvelist
added 2024/07/23 3:46 p.m. · 52 views

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

CVSS 8.8 · EPSS 0.00263
Exploits 1 · References 3
Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-37817 · Provd +2

Name of the Vulnerable Software and Affected Versions: provd versions prior to 0.1.5 Description: An issue was discovered in provd with a setuid binary, which allows a local attacker to escalate their privilege. Recommendations: For versions prior to 0.1.5, update to version 0.1.5 or later to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00263
Exploits 1 · References 12
NVD
added 2024/06/28 2:15 p.m. · 21 views

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVSS 3.6 · EPSS 0.00143
Exploits 0 · References 2
UbuntuCve
added 2024/06/28 2:15 p.m. · 24 views

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVSS 3.6 · AI score 5.9 · EPSS 0.00143
Exploits 0 · References 4
OSV
added 2024/06/28 2:15 p.m. · 2 views

UBUNTU-CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVSS 3.6 · AI score 5.8 · EPSS 0.00143
Exploits 0 · References 5
CVE
added 2024/06/28 1:18 p.m. · 72 views

CVE-2024-38531

CVE-2024-38531 affects the Nix package manager. A build process can access and modify the permissions of the build directory, and after a setuid binary is created in a globally accessible location, a local attacker could assume the permissions of a Nix daemon worker and hijack all future builds. ...

CVSS 3.6 · AI score 3.7 · EPSS 0.00143
Exploits 0 · References 2
OSV
added 2024/06/28 1:18 p.m. · 27 views

CVE-2024-38531 Nix sandbox escape

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVSS 3.6 · AI score 4.5 · EPSS 0.00143
Exploits 0 · References 4
Debian CVE
added 2024/06/28 1:18 p.m. · 14 views

CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assu...

CVSS 3.6 · AI score 5.3 · EPSS 0.00143
Exploits 0
Talos
added 2023/04/24 12:0 a.m. · 32 views

IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability

Talos Vulnerability Report TALOS-2023-1691: IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability. April 24, 2023. CVE Number: CVE-2023-28528. Summary: An OS command injection vulnerability exists in the invscout setUID binary functionality of IBM Corporation AIX 7.2. A...

CVSS 8.4 · AI score 8.4 · EPSS 0.01457
Exploits 3
Positive Technologies
added 2023/01/30 12:0 a.m. · 5 views

PT-2023-13547 · Amanda +2

Name of the Vulnerable Software and Affected Versions: Amanda version 3.5.1 Description: The issue allows privilege escalation from a regular user backup to root. A SUID binary located at /lib/amanda/rundump executes /usr/sbin/dump as root with controlled arguments from the attacker, which may le...

CVSS 7.8 · AI score 7.2 · EPSS 0.01246
Exploits 4 · References 52
CVE
added 2023/01/21 12:0 a.m. · 59 views

CVE-2023-24039

CVE-2023-24039 affects Common Desktop Environment 1.6, specifically the ParseColors function in libXm. A stack-based buffer overflow can be exploited by local, low-privilege users via the dtprintinfo setuid binary to escalate to root on Solaris 10. Several connected sources confirm the issue and ...

CVSS 7.8 · AI score 7.8 · EPSS 0.00454
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2022/08/25 11:32 p.m. · 20 views

CVE-2021-3020

An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...

AI score 9.2 · EPSS 0.00958
Exploits 0 · References 3
BDU FSTEC
added 2022/06/29 12:0 a.m. · 3 views

The vulnerability of the ImageCast X ballot marking device’s software, related to access control errors, allows a violator to execute arbitrary code.

The vulnerability of the ImageCast X ballot marking device’s software is related to access control errors. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code using a specially created binary file with the setuid flag...

CVSS 6.8 · AI score 7.1 · EPSS 0.00306
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/06/03 12:0 a.m. · 5 views

PT-2022-3261

Name of the Vulnerable Software and Affected Versions: Dominion Voting Systems ImageCast X (affected versions not specified) Description: The issue is related to errors in access control, allowing an attacker to execute arbitrary code with elevated privileges by exploiting a system-level service. Thi...

CVSS 7.2 · AI score 7 · EPSS 0.00306
Exploits 0 · References 8
Redos
added 2022/02/01 12:0 a.m. · 42 views

ROS-20220128-01

The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the number of call parameters in the pkexec setuid binary, which causes the binary to execute environment variables as commands. Exploitation of the vulnerability could allow an attacker to...

CVSS 7.8 · AI score 7.6 · EPSS 0.94921
Exploits 151
BDU FSTEC
added 2020/04/06 12:0 a.m. · 3 views

The vulnerability of the PAM module’s Python interpreter allows attackers to increase their privileges.

The vulnerability of the PAM module’s Python interpreter involves insecure management of privileges. Exploiting this vulnerability allows attackers to elevate their privileges using a specially created binary file with a setuid flag...

CVSS 7.8 · AI score 7.2 · EPSS 0.00356
Exploits 0 · References 4 · Affected Software 2
Fedora
added 2020/04/01 4:35 p.m. · 16 views

[SECURITY] Fedora 32 Update: bubblewrap-0.4.1-1.fc32

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

AI score 4.7
Exploits 0
OSV
added 2020/01/08 5:15 p.m. · 2 views

CVE-2019-19544

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 201...

CVSS 7.8 · AI score 7.1 · EPSS 0.00412
Exploits 1 · References 1