216 matches found
SUSE CVE-2023-6507
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
DEBIAN-CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
Privilege Dropping
github.com/apptainer/apptainer is vulnerable to Privilege Dropping. The vulnerability exists because the library does not restore the old syscall setresuid behavior when escalating or dropping privileges, which allows an attacker to provide a maliciously crafted starter config to delete any...
RUSTSEC-2023-0042 Ouroboros is Unsound
Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...
PT-2025-25948 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential use-after-free bug has been identified in the Linux kernel. The issue arises from the function raid5 release stripesh dropping the reference to sh, which may cause sh to be...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2023-68439)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox prior to version 110, which originates when dragging and dropping an image, the size of the image may be disclosed, which can be...
K41515225: BIG-IP SSL connection security exposure
Security Advisory Description On a virtual server configured with both Client SSL and Server SSL profiles, when receiving a TCP FIN midstream in an SSL connection, the BIG-IP system immediately proxies the FIN to the remote host on the peer side. If the remote host on the peer side acknowledges t...
SUSE CVE-2012-2653
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon...
SUSE CVE-2014-9773
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the 1 LIST, 2 CLEAR, or 3 MODIFY keyword nicks...
SUSE CVE-2017-6348
The hashbindelete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service deadlock via crafted operations on IrDA devices...
DEBIAN-CVE-2022-42329
Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...
AZL-11584 CVE-2022-42329 affecting package kernel for versions less than 5.15.92.1-1
Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...
CVE-2022-42328
Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...
Ransomware-Simulator - Ransomware Simulator Written In Golang
The goal of this repository is to provide a simple, harmless way to check your AV's protection on ransomware. This tool simulates typical ransomware behaviour, such as: Staging from a Word document macro Deleting Volume Shadow Copies Encrypting documents embedded and dropped by the simulator into...
Ubuntu: Security Advisory (USN-5439-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-68P4-PJPF-XWCQ insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...
GHSA-F9HX-5JQ4-FGJM phpMyAdmin CSRF Vulnerability
phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...
Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...
CLSA-2022-1650910003 Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...
CLSA-2022-1650909007 Fixed CVE-2019-18276 in bash
CVE-2019-18276: Fix priviledge dropping when running with effective UID not equal to real UID...