Lucene search

98 matches found

EUVD
added 2026/03/30 9:31 a.m. | Views: 1

EUVD-2026-17067

A Privilege Dropping / Lowering Errors / Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

CVSS 5.8 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/30 7:44 a.m. | Views: 1

CVE-2026-25704

A Privilege Dropping / Lowering Errors / Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

CVSS 5.8 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/30 12:00 a.m. | Views: 1

PT-2026-28805

Name of the Vulnerable Software and Affected Versions: cosmic-greeter versions prior to https://github.com/pop-os/cosmic-greeter/pull/426
Description: A Time-of-check Time-of-use (TOCTOU) race condition exists in cosmic-greeter. This condition can allow an attacker to regain privileges that should ha...

CVSS 5.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/04 1:56 a.m. | Views: 1

CVE-2026-21882

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVSS 8.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1

CVE
added 2026/03/02 7:17 p.m. | Views: 8

CVE-2026-21882

CVE-2026-21882 affects theshit, a command-line utility that detects and fixes shell command mistakes. In versions prior to 0.2.0, improper privilege dropping enables local privilege escalation via command re-execution. The issue is demonstrated as a local attack with high impact on confidentialit...

CVSS 8.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2

OSV
added 2026/03/02 7:17 p.m. | Views: 2

CVE-2026-21882 theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVSS 8.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/02 7:17 p.m. | Views: 1

CVE-2026-21882 theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVSS 8.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/02 12:00 a.m. | Views: 1

PT-2026-22690

Name of the Vulnerable Software and Affected Versions: theshit versions prior to 0.2.0
Description: theshit is a command-line utility designed to detect and correct common errors in shell commands. A flaw in privilege handling prior to version 0.2.0 allows for local privilege escalation through...

CVSS 8.4 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 14

Tenable Nessus
added 2026/01/20 12:00 a.m. | Views: 1

MiracleLinux 7 : zsh-5.0.2-34.el7.2 (AXSA:2020-4510:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4510:02 advisory. zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044). Tenable has extracted the preceding description block directly from the...

CVSS 7.8 | AI score 5.6 | EPSS 0.00092
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | Views: 1

EUVD-2011-3314

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.0039
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | Views: 1

EUVD-2010-3428

Malware in sbrugna...

CVSS 4.7 | AI score 6.3 | EPSS 0.00059
Exploits: 0 | References: 18

EUVD
added 2025/10/07 12:30 a.m. | Views: 1

EUVD-2010-3429

Malware in sbrugna...

CVSS 1.9 | AI score 6.3 | EPSS 0.00078
Exploits: 0 | References: 18

EUVD
added 2025/10/03 8:07 p.m. | Views: 1

EUVD-2021-9472

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00026
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:21 p.m. | Views: 2

CVE-2021-22326

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability...

CVSS 7.1 | AI score 6.8 | EPSS 0.00026
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:59 a.m. | Views: 4

CVE-2011-3350

masqmail 0.2.21 through 0.2.30 improperly calls seteuid in src/log.c and src/masqmail.c that results in improper privilege dropping...

CVSS 9.8 | AI score 7 | EPSS 0.0039
Exploits: 0 | References: 1

Debian
added 2025/04/05 1:15 p.m. | Views: 31

[SECURITY] [DSA 5896-1] trafficserver security update

Debian Security Advisory DSA-5896-1 | https://www.debian.org/security/ | Moritz Muehlenhoff | April 05, 2025 | https://www.debian.org/security/faq ...

CVSS 9.1 | AI score 7.2 | EPSS 0.0082
Exploits: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | Views: 20

RHEL 4 : krb5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005) (CVE-2011-1526) - krb5: SPNEGO...

CVSS 7.5 | AI score 7.5 | EPSS 0.04582
Exploits: 0 | References: 3

Ubuntu
added 2024/03/12 10:38 a.m. | Views: 32

USN-6656-2: PostgreSQL vulnerability

USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user...

CVSS 8 | AI score 7.8 | EPSS 0.00753
Exploits: 0

OpenVAS
added 2024/02/27 12:00 a.m. | Views: 20

Ubuntu: Security Advisory (USN-6656-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8 | AI score 7.8 | EPSS 0.00753
Exploits: 0 | References: 2

Veracode
added 2023/07/26 4:35 a.m. | Views: 15

Privilege Dropping

github.com/apptainer/apptainer is vulnerable to Privilege Dropping. The vulnerability exists because the library does not restore the old syscall setresuid behavior when escalating or dropping privileges, which allows an attacker to provide a maliciously crafted starter config to delete any...

CVSS 6.1 | AI score 6.7 | EPSS 0.00049
Exploits: 0 | References: 5 | Affected Software: 1