36 matches found

OSV
added 2026/04/09 9:32 p.m. | 3 views

JLSEC-2026-65

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...

CVSS 7 | AI score 6.8 | EPSS 0.00274
Exploits 2 | References 28

Tenable Nessus
added 2026/03/16 12:0 a.m. | 2 views

EulerOS 2.0 SP11 : proftpd (EulerOS-SA-2026-1587)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5 | AI score 5.9 | EPSS 0.36587
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000539 advisory. The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to...

CVSS 4.6 | AI score 6.7 | EPSS 0.00027
Exploits 1 | References 13

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002304 advisory. The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to...

CVSS 4.6 | AI score 6.7 | EPSS 0.00027
Exploits 1 | References 13

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2026-1077)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5 | AI score 7.3 | EPSS 0.36587
Exploits 0 | References 2

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : proftpd (EulerOS-SA-2025-2528)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5 | AI score 7.3 | EPSS 0.36587
Exploits 0 | References 2

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : proftpd (EulerOS-SA-2025-2507)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5 | AI score 7.3 | EPSS 0.36587
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-9569

Malware in sbrugna...

CVSS 4.9 | AI score 5.1 | EPSS 0.00244
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 5:4 a.m. | 3 views

CVE-2017-18453

cPanel before 64.0.21 does not preserve supplemental groups across account renames SEC-260...

CVSS 4.9 | AI score 7 | EPSS 0.00244
Exploits 0 | References 1

OSV
added 2024/12/06 3:23 p.m. | 1 view

OESA-2024-2508 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

CVSS 7.5 | AI score 7 | EPSS 0.36587
Exploits 0 | References 2

SUSE CVE
added 2024/11/30 3:50 a.m. | 1 view

SUSE CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql...

CVSS 7.5 | AI score 9.2 | EPSS 0.36587
Exploits 0 | References 5

Debian
added 2024/11/29 8:56 p.m. | 21 views

[SECURITY] [DLA 3975-1] proftpd-dfsg security update

Debian LTS Advisory DLA-3975-1 | [email protected] | https://www.debian.org/lts/security/ | Bastien Roucariès | November 29, 2024 | https://wiki.debian.org/LTS ...

CVSS 7.5 | AI score 7.5 | EPSS 0.70298
Exploits 4

OSV
added 2024/11/29 5:15 a.m. | 1 view

DEBIAN-CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql...

CVSS 7.5 | AI score 5.2 | EPSS 0.36587
Exploits 0 | References 1

OSV
added 2024/11/29 5:15 a.m. | 2 views

UBUNTU-CVE-2024-48651

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql...

CVSS 7.5 | AI score 5.8 | EPSS 0.36587
Exploits 0 | References 5

OSV
added 2024/01/03 6:0 p.m. | 0 views

USN-6565-1 openssh vulnerabilities

It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS...

CVSS 7 | AI score 6.8 | EPSS 0.17234
Exploits 9 | References 4

SUSE CVE
added 2023/02/15 5:25 a.m. | 1 view

SUSE CVE-2014-8989

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the...

CVSS 4.6 | AI score 6.4 | EPSS 0.00027
Exploits 1 | References 5

CNNVD
added 2022/09/13 12:0 a.m. | 1 view

Buildah security vulnerability

Buildah is a tool that supports building OCI container images. A security vulnerability exists in the Buildah container engine, which stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to...

CVSS 7.1 | AI score 7.4 | EPSS 0.00087
Exploits 1 | References 15

CNNVD
added 2022/08/25 12:0 a.m. | 2 views

CRI-O security vulnerability

CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to execute...

CVSS 7.1 | AI score 5.8 | EPSS 0.00044
Exploits 1 | References 8

Tenable Nessus
added 2022/05/09 12:0 a.m. | 43 views

NewStart CGSL MAIN 6.02 : openssh Vulnerability (NS-SA-2022-0070)

The remote NewStart CGSL host, running version MAIN 6.02, has openssh packages installed that are affected by a vulnerability: - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialize...

CVSS 7 | AI score 7.2 | EPSS 0.00274
Exploits 2 | References 3

Tenable Nessus
added 2022/05/09 12:0 a.m. | 45 views

NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2022-0001)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a vulnerability: - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not...

CVSS 7 | AI score 7.2 | EPSS 0.00274
Exploits 2 | References 3