23 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fixed an issue where an “off-by-one” root connection error occurred. Before attaching a new root to the old root, the number of children in the new root was checked to ensure that only the top-level groups of the...
EUVD-2026-25016
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape via Name Service Switch (NSS) Injection
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
CVE-2026-35368
CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...
PT-2026-34504
Name of the Vulnerable Software and Affected Versions: uutils coreutils (affected versions not specified). Description: A flaw in the chroot utility occurs when the --userspec option is used. The utility calls the getpwnam function to resolve user specifications after entering the chroot environment b...
MAL-2025-189486 Malicious code in sigma-class-new-root-reject (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77fbeea5b52e1afb7cd1f89ed2cce35cb4dcb3522c66c0a9d069daa9a5422c99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176389
Malicious code in sigma-class-new-root-reject npm...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986411 advisory. In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds. remove_raw() in dm_btree_remove() may fail du...
EUVD-2025-31743
Malicious code in bioql PyPI...
SUSE CVE-2025-21813
In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix off-by-one root mis-connection Before attaching a new root to the old root, the children counter of the new root is checked to verify that only the upcoming CPU's top group have been connected to it. However...
Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: Updated to 2.68 state of Mozilla SSL root CAs bsc1227525 Added: FIRMAPROFESIONAL CA ROOT-A WEB Distrust: GLOBALTRUST 2020 Updated to 2.66 state of Mozilla SSL root CAs bsc1220356 Added: CommScope Public Trust ECC Root-01 CommScop...
PT-2024-41007 · Mozilla · Ca-Certificates-Mozilla
Name of the Vulnerable Software and Affected Versions: ca-certificates-mozilla affected versions not specified Description: The update for ca-certificates-mozilla fixes issues related to the Mozilla SSL root CAs. It updates to the 2.68 state of Mozilla SSL root CAs and adds new root certificates,...
CLSA-2024-1705941083 Update of alt-php
Update ca-certificates database to 20231207: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.64. - The following certificates were updated: Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - The following certificates authoriti...
CLSA-2023-1691083341 Update of alt-php
Update ca-certificates database to 20230629: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.62. - The following certificate authorities were added: Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" Certificate "ANF Secure Server Root CA" Certificate...
GHSA-R7VQ-6425-J94W Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...
PT-2022-28275 · Tuf · Tuf
Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...
CLSA-2022-1646935759 Update of ca-certificates
remove old certificate - Removing: - Certificate "DST Root CA X3" - Update to CKBI 2.50 from NSS 3.67 - Update to CKBI 2.48 from NSS 3.66 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "GeoTrust Global CA" - Certificate "GeoTrust Universal...
GSD-2021-1001287 dm btree remove: assign new_root only when removal succeeds
dm btree remove: assign new_root only when removal succeeds. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.51 by commit...
Ubiquiti airOS Arbitrary File Upload
This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "m...
PROLiNK H5004NK Cross Site Request Forgery
Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities Date: 16-04-2015 Firmware: R76S Slt 4WNE1 6.1R Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Disclaimer: Use this for educational purposes only! 1| Admin Password Manipulation XSRF...