PT-2025-21753

Name of the Vulnerable Software and Affected Versions GNU C Library versions 2.27 through 2.38 Description An issue exists in the GNU C Library where the LD LIBRARY PATH environment variable is incorrectly searched to determine which library to load when a statically linked setuid binary calls th...

kernel: exec: Fix ToCToU between perm check and set-uid/gid usage

A vulnerability was found in the Linux kernel. The fix addresses a race condition during file execution exec, where a file’s permissions could change between an initial check and execution, potentially allowing unauthorized privilege escalation. Specifically, a non-privileged user could gain root...

SUSE CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

SUSE CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

SUSE CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

UBUNTU-CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

UBUNTU-CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

Linux Distros Unpatched Vulnerability : CVE-2023-29403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as...

Linux Distros Unpatched Vulnerability : CVE-2015-3339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program ...

CLSA-2025-1739387560 ncurses: Fix of CVE-2023-29491

CVE-2023-29491: fix triggering memory corruption via malformed terminfo database file when used by a setuid application...

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

Cloudflare OctoRPKI 安全漏洞

Cloudflare OctoRPKI is an RPKI toolkit for the Cloudflare platform from Cloudflare Inc. in the United States. A security vulnerability exists in Cloudflare OctoRPKI versions prior to v1.4.0, which stems from the use of the -a flag to 0 when copying files with rsync, which forces rsync to copy...

PT-2025-37452

Name of the Vulnerable Software and Affected Versions: GNU Guix versions prior to 1618ca7 Description: A content-addressed-mirrors file can be written to create a setuid program. This allows a regular user to gain the privileges of the build user, even after the build process has completed...

BIT-NODE-MIN-2024-22017

setuid does not affect libuv's internal iouring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

kernel: s390/qeth: Fix kernel panic after setting hsuid

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

BIT-NODE-2024-22017

setuid does not affect libuv's internal iouring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...