10 matches found
CVE-2026-35371
CVE-2026-35371 concerns the id utility in the uutils coreutils package. The vulnerability arises in the pretty print mode, where the tool incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This causes the output to misreport the i...
CVE-2012-4443
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution CVE-2016-7543 - bash: when...
CLSA-2022-1650910003 Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix privilege dropping when running with effective UID not equal to real UID...
CLSA-2022-1650909007 Fixed CVE-2019-18276 in bash
CVE-2019-18276: Fix privilege dropping when running with effective UID not equal to real UID...
bash security and bug fix update
4.4.19-14 - Fix hang when limit for nproc is very high Resolves: 1890888 4.4.19-13 - Correctly drop saved UID when effective UID is not equal to its real UID Resolves: 1793943...
bash: when effective UID is not equal to its real UID the saved UID is not dropped
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
Firejail - Local Privilege Escalation
firejail advisory for TOCTOU in --get and --put local root Releasing a brief advisory/writeup about a local root privesc found in firejail that we reported back in Nov, 2016. This is in response to a recent thread on oss-sec where people seem interested in...
SunOS <= 4.1.3 LD_LIBRARY_PATH and LD_OPTIONS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/43/info There exists a vulnerability involving environment variables and setuid/setgid programs under SunOS 4.0 and higher. A dynamically-linked program that is invoked by a setuid/setgid program has access to the caller'...
kpopup 0.9.x Privileged Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is installed setuid root by default. According to the report, kpopup uses the system(3) C-library functi...