28 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001952)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001952 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mountin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000948)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000948 advisory. The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a...
CVE-2025-65199
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...
EUVD-2001-0753
Malware in sbrugna...
EUVD-2019-5606
Malware in sbrugna...
EUVD-2024-25915
Malicious code in bioql PyPI...
CVE-2025-8941
A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
CVE-2025-20017
Intel’s CVE-2025-20017 describes an uncontrolled search path vulnerability in some Intel® oneAPI Toolkit and component software installers that could enable privilege escalation via local access for an authenticated user. The issue is discussed in the Intel advisory and is grouped with other rela...
CVE-2019-19726
OpenBSD through 6.6 allows local users to escalate to root because a check for LDLIBRARYPATH in setuid programs can be defeated by setting a very small RLIMITDATA resource limit. When executing chpass or passwd which are setuid root, dlsetupenv in ld.so tries to strip LDLIBRARYPATH from the...
CVE-2025-0131
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However,...
Linux Distros Unpatched Vulnerability : CVE-2022-2961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the Linux kernel's PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously...
UBUNTU-CVE-2024-22029
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root...
RHEL 8 : kpatch-patch (RHSA-2024:0937)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0937 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...
kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2023-36623
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges...
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...
CVE-2022-26052
Uncontrolled search path element in the IntelR MPI Library before version 2021.6 for IntelR oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access...
SUSE CVE-2021-25321
A UNIX Symbolic Link Symlink Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon th...
hw: vt-d related privilege escalation
A flaw was found in Intel® VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is...
sudo: Heap buffer overflow in argument parsing
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...