23 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fixed an issue where an “off-by-one” root connection error occurred. Before attaching a new root to the old root, the number of children in the new root was checked to ensure that only the top-level groups of the...

5.5 CVSS · 6.2 AI score · 0.00179 EPSS
Exploits 0 · References 2
EUVD
added 2026/04/22 6:31 p.m. · 5 views

EUVD-2026-25016

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8 CVSS · 6.1 AI score · 0.00136 EPSS
Exploits 1 · References 2
Cvelist
added 2026/04/22 4:8 p.m. · 29 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8 CVSS · 0.00136 EPSS
Exploits 1 · References 1
CVE
added 2026/04/22 4:8 p.m. · 18 views

CVE-2026-35368

CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...

7.8 CVSS · 6.1 AI score · 0.00136 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2026/04/22 12:0 a.m. · 8 views

PT-2026-34504

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chroot utility occurs when the --userspec option is used. The utility calls the getPwnam function to resolve user specifications after entering the chroot environment b...

7.8 CVSS · 6.2 AI score · 0.00136 EPSS
Exploits 1 · References 4
OSV
added 2025/11/13 3:23 a.m. · 3 views

MAL-2025-189486 Malicious code in sigma-class-new-root-reject (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77fbeea5b52e1afb7cd1f89ed2cce35cb4dcb3522c66c0a9d069daa9a5422c99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
EUVD
added 2025/11/13 3:23 a.m. · 2 views

EUVD-2025-176389

Malicious code in sigma-class-new-root-reject npm...

6.6 AI score
Exploits 0
Tenable Nessus
added 2025/10/07 12:0 a.m. · 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986411 advisory. In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds. remove_raw in dm_btree_remove may fail du...

5.5 CVSS · 5.8 AI score · 0.00259 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-31743

Malicious code in bioql PyPI...

5.2 CVSS · 6.3 AI score · 0.00147 EPSS
Exploits 0 · References 9
SUSE CVE
added 2025/03/01 2:52 a.m. · 4 views

SUSE CVE-2025-21813

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix off-by-one root mis-connection Before attaching a new root to the old root, the children counter of the new root is checked to verify that only the upcoming CPU's top group have been connected to it. However...

5.5 CVSS · 6.5 AI score · 0.00179 EPSS
Exploits 0 · References 3
SUSE Linux
added 2025/02/03 8:49 a.m. · 2 views

Security update for ca-certificates-mozilla

This update for ca-certificates-mozilla fixes the following issues: Updated to 2.68 state of Mozilla SSL root CAs bsc1227525 Added: FIRMAPROFESIONAL CA ROOT-A WEB Distrust: GLOBALTRUST 2020 Updated to 2.66 state of Mozilla SSL root CAs bsc1220356 Added: CommScope Public Trust ECC Root-01 CommScop...

7.3 AI score
Exploits 0 · References 6
Positive Technologies
added 2024/08/09 12:0 a.m. · 3 views

PT-2024-41007 · Mozilla · Ca-Certificates-Mozilla

Name of the Vulnerable Software and Affected Versions: ca-certificates-mozilla affected versions not specified Description: The update for ca-certificates-mozilla fixes issues related to the Mozilla SSL root CAs. It updates to the 2.68 state of Mozilla SSL root CAs and adds new root certificates,...

7 AI score
Exploits 0 · References 4
OSV
added 2024/01/22 4:31 p.m. · 5 views

CLSA-2024-1705941083 Update of alt-php

Update ca-certificates database to 20231207: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.64. - The following certificates were updated: Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - The following certificates authoriti...

5.8 AI score
Exploits 0 · References 1
OSV
added 2023/08/03 5:22 p.m. · 6 views

CLSA-2023-1691083341 Update of alt-php

Update ca-certificates database to 20230629: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.62. - The following certificate authorities were added: Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" Certificate "ANF Secure Server Root CA" Certificate...

5.8 AI score
Exploits 0 · References 1
OSV
added 2022/09/15 3:35 a.m. · 21 views

GHSA-R7VQ-6425-J94W Python-TUF vulnerable to incorrect threshold signature computation for new root metadata

Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...

7.1 AI score
Exploits 0 · References 5
Positive Technologies
added 2022/09/15 12:0 a.m. · 3 views

PT-2022-28275 · Tuf · Tuf

Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...

7.3 AI score
Exploits 0 · References 6
OSV
added 2022/03/10 6:9 p.m. · 7 views

CLSA-2022-1646935759 Update of ca-certificates

remove old certificate - Removing: - Certificate "DST Root CA X3" - Update to CKBI 2.50 from NSS 3.67 - Update to CKBI 2.48 from NSS 3.66 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "GeoTrust Global CA" - Certificate "GeoTrust Universal...

5.8 AI score
Exploits 0 · References 1
OSV
added 2021/08/03 1:57 a.m. · 12 views

GSD-2021-1001287 dm btree remove: assign new_root only when removal succeeds

dm btree remove: assign new_root only when removal succeeds. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.51 by commit...

7.2 AI score
Exploits 0
Metasploit
added 2016/05/19 7:50 p.m. · 48 views

Ubiquiti airOS Arbitrary File Upload

This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "m...

7.1 AI score
Exploits 0
Packet Storm
added 2015/04/21 12:0 a.m. · 27 views

PROLiNK H5004NK Cross Site Request Forgery

Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities Date: 16-04-2015 Firmware: R76S Slt 4WNE1 6.1R Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Disclaimer: Use this for educational purposes only! 1| Admin Password Manipulation XSRF...

0.6 AI score
Exploits 0