13 matches found
UBUNTU-CVE-2026-35350
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
CVE-2026-35385
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...
MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...
EUVD-2005-2181
Malware in sbrugna...
EUVD-2005-0581
Malware in sbrugna...
EUVD-2004-0186
Malware in sbrugna...
SUSE CVE-2006-4124
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...
DEBIAN-CVE-2013-6825
1 movescu.cc and 2 storescp.cc in dcmnet/apps/, 3 dcmnet/libsrc/scp.cc, 4 dcmwlm/libsrc/wlmactmg.cc, 5 dcmprscp.cc and 6 dcmpsrcv.cc in dcmpstat/apps/, 7 dcmpstat/tests/msgserv.cc, and 8 dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call,...
GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-30 cmd5checkpw: Local password leak vulnerability Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the cmd5check...
[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)
Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. An earlier advisory listed the updates for Debian 2.2/potato. This advisory contains updates for Debian...
Дырка в gpm
при запуске пользовательского приложения из gmp-root сначала выполняется setuid и только потом setgid, который не срабатывает. В результате, пользовательское приложение запускается с gid wheel...
xtvscreen.suse6.txt
Date: Thu, 18 Feb 1999 15:54:24 +0000 From: Andre Cruz To: [email protected] Subject: xtvscreen and suse 6 You can use xtvscreen to overwrite any file on the system. Xtvscreen has a function to capture a snapshot and will write it as pic000.pnm, pic001.pnm, etc in it's working directory. It...
FreeBSD-SA-96:11.man
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:11 Security Advisory Revised: Wed May 22 00:11:46 PDT 1996 FreeBSD, Inc. Topic: security compromise from man page utility Category: core Module: man Announced: 1996-05-21...