61 matches found
EUVD-2026-25018
id: groups= computed from real GID instead of effective GID...
PSF-2026-32
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-53863 OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy
OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended acces...
CVE-2026-54397
MISP CVE-2026-54397 affects the non-REST event editing path. An authenticated user with event edit permissions could tamper with submitted form data to assign an event to a sharing_group_id the user is not authorized to use when distribution is set to sharing group distribution. The non-REST save...
wiki.js 安全漏洞
Wiki.js is a Wiki application open-sourced by requarks.io. Versions of Wiki.js prior to 2.5.313 contained a security vulnerability. This vulnerability stemmed from the GraphQL mutation in users.update, which accepted an arbitrary groups array and applied it directly to the database without...
Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017656 advisory. A flaw was found in samba. The Samba smbd file server must map Windows group identities SIDs into unix group ids gids. The code that performs this had a flaw that...
GHSA-FG3J-5W9G-HMG7 authd: Primary group ID is incorrectly set to value of UID
authd 0.6.0 contains a bug which can lead to an incorrect primary group ID. It affects users whose primary group ID i.e. the GID in the user record differs from their UID. There are two ways which can lead to this: 1. The user was created with authd &2 continue fi if "$OLDGID"...
Authd 安全漏洞
Authd is a cloud-based identity provider authentication daemon open source in Ubuntu. Versions of Authd prior to 0.6.4 have security vulnerabilities, which stem from errors in the main group ID assignment logic, potentially leading to local privilege escalation...
EUVD-2026-24982
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
CVE-2026-35371
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...
CVE-2026-35370
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes...
CVE-2026-35350
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...
PT-2026-34506
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The id utility miscalculates the groups= section of its output by using a user's real GID instead of their effective GID to compute the group list. This creates a discrepancy compare...
PT-2026-34507
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The id utility exhibits incorrect behavior in its pretty print output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the...
Linux Distros Unpatched Vulnerability : CVE-2026-35371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The id utility in uutils coreutils exhibits incorrect behavior in its pretty print output when the real UID and effective UID differ. The implementation...
HomeBox 安全漏洞
HomeBox is an open-source system developed by SysAdmins Media for home users. Versions of HomeBox prior to 0.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the defaultGroup ID being assigned permanently after a user is invited to a group. Even if the user’s access...
SUSE-RU-2026:1228-1 Recommended update for shadow
This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGINENVSAFELIST. Recognize it and update dependencies. - Set SYSUID,GIDMIN to 201: After repeated similar requests to change the ID...
CVE-2025-63238
A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...
CVE-2026-33062
free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...
EUVD-2026-9357
Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...