Lucene search
K

72 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-49413

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

7.1CVSS0.00098EPSS
Exploits1References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

0.00098EPSS
Exploits1References1
CVE
CVE
added 6 days ago111 views

CVE-2026-49413

The CVE-2026-49413 issue affects the Linuxulator in FreeBSD, where the runtime determines set-user-ID/set-group-ID status by the P_SUGID flag. During execve, P_SUGID is not yet set when the ELF auxiliary vector is constructed, causing AT_SECURE to be incorrectly set to zero for setuid/setgid exec...

7.1CVSS5.8AI score0.00098EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/17 10:51 a.m.4 views

SUSE-SU-2026:2430-1 Security update for openssh8.4

This update for openssh8.4 fixes the following issues - CVE-2026-3497: Information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35388: omitted connection multiplexing...

8.2CVSS7.1AI score0.0218EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.8 views

FreeBSD Security Advisory - FreeBSD-SA-26:30.linux

FreeBSD Security Advisory - The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

5.5AI score0.00098EPSS
Exploits1
FreeBSD Advisory
FreeBSD Advisory
added 2026/06/09 12:0 a.m.7 views

FreeBSD-SA-26:30.linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:30.linux Security Advisory The FreeBSD Project Topic: Flaw in Linuxulator execution of setugid binaries Category: core Module: linux Announced: 2026-06-09...

7.1CVSS6AI score0.00098EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/01 6:51 p.m.11 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 10:5 a.m.8 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/30 3:53 p.m.10 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.8 views

SUSE CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References24
ATTACKERKB
ATTACKERKB
added 2026/04/03 2:21 a.m.2 views

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.9AI score0.00173EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : kernel-2.6.32-754.12.1.el6 (AXSA:2019-3870:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3870:02 advisory. kernel: Missing check in fs/inode.c:inodeinitowner does not clear SGID bit on non-directories for non-members CVE-2018-13405 Tenable has extracted the...

7.8CVSS6.5AI score0.01018EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002854)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002854 advisory. The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where...

7.8CVSS6.4AI score0.01018EPSS
Exploits2References31
SUSE Linux
SUSE Linux
added 2025/05/22 7:34 p.m.2 views

Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005565 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage bsc1229504...

8.5CVSS8AI score0.00243EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2025/03/09 2:26 a.m.5 views

SUSE CVE-2020-5209

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line...

7.8CVSS8.1AI score0.00803EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix for the issue involving the perm check and set-uid/gid usage When opening a file for execution via dofilpopen, permission checking is performed based on the file’s metadata at that moment. If the check succeeds, a file...

8.4CVSS6.5AI score0.00242EPSS
Exploits1References3
OSV
OSV
added 2024/08/21 1:15 a.m.7 views

AZL-48495 CVE-2024-43882 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

7CVSS6.5AI score0.00242EPSS
Exploits1References1
OSV
OSV
added 2023/07/24 4:15 p.m.6 views

AZL-27767 CVE-2023-1386 affecting package qemu 6.2.0-26

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

7.8CVSS6.3AI score0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/07/24 4:15 p.m.4 views

CVE-2023-1386

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

7.8CVSS5.9AI score0.00223EPSS
Exploits0References6
OSV
OSV
added 2023/07/24 4:15 p.m.6 views

DEBIAN-CVE-2023-1386

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

7.8CVSS5.8AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder