13 matches found
CVE-2025-57847
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected...
CVE-2025-57851 Mce: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...
CVE-2025-57849
A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...
CVE-2025-8766
CVE-2025-8766 affects Noobaa-core container images (Multi-Cloud Object Gateway Core). The root cause is that /etc/passwd is created with group-writable permissions during build, allowing a non-root attacker with membership in the root group to modify /etc/passwd and create a user with any UID (in...
CVE-2026-23741
CVE-2026-23741 affects Asterisk prior to specific patched versions (20.7-cert9, 20.18.2, 21.12.1, 22.8.2, 23.2.2). The ast_coredumper script runs as root and sources /etc/asterisk/ast_debug_tools.conf, which is located in a folder writable by the asterisk user:group. Because the file is sourced w...
PT-2025-44730
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The /etc/timezone file can be written to arbitrarily. This allows for potential modification of system-wide timezone settings. Recommendations: Update BLU-IC2 to a...
CVE-2025-58712
CVE-2025-58712 affects Red Hat AMQ Broker container images. The root cause is that the /etc/passwd file is created with group-writable permissions during build time. In vulnerable conditions, a non-root caller inside an affected container who is in the root group can modify /etc/passwd to add a n...
CVE-2025-58712 Amq: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...
EUVD-2025-31743
Malicious code in bioql PyPI...
EUVD-2024-32481
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-20147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing...
Race condition
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...
getpop3.txt
what?: =-getpop3 exploit-= who?: - by r3p3nt of the DHC - where?: - http://dhc1.cjb.net - contact?: - [email protected] greets: all of DHC, duke, f0rpaxe, artech, and eli up for some raceball? thanks: jwb [email protected] You are wondering "hmm..what is getpop3, mister r3p3nt". Well,...