26 matches found
CVE-2026-29126
Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...
CVE-2025-12199
Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...
RockyLinux 9 : nano (RLSA-2024:9430)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9430 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...
nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privilege...
Rocky Linux 8 : nano (RLSA-2024:6986)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:6986 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742...
Amazon Linux 2023 : graphviz, graphviz-devel, graphviz-gd (ALAS2023-2024-527)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-527 advisory. buffer overflow via a crafted config6a file NOTE: Crosses no security boundary, config files are under local controlNOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441NOTE: Introduced by:...
CVE-2023-46045
CVE-2023-46045 affects Graphviz 2.36.0 through 9.x, before 10.0.1, with an out-of-bounds read triggered by a crafted config6a file. Public details consistently note exploitability may be low since the file is often root-owned. The vulnerability is rated HIGH (CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:...
SUSE CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
SUSE CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with grou...
SUSE CVE-2022-0987
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists...
CVE-2022-0987
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists...
CVE-2022-22962
VMware Horizon Agent for Linux prior to 22.x contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file...
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...
Code injection
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...
unbound: symbolic link traversal when writing PID file
A symbolic link traversal vulnerability was found in unbound in the way it writes its PID file while starting up. This flaw allows a local attacker with access to the unbound user to set up a link to another file, owned by root, and make unbound overwrite it during its next restart, destroying th...
DEBIAN-CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
CVE-2021-27851 Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
Privilege Escalation
bullseye is vulnerable to privilege escalation.The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. ...