293 matches found
EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2026-1568)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...
EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2026-1548)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...
CVE-2026-29123
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...
EUVD-2026-9516
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting IDC SFX2100 Satellite Receiver, which may lead to local privlidge escalation from t...
EUVD-2026-9515
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...
CVE-2026-29123
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...
CVE-2026-29121 `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE
International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device from the International Datacasting company. The International Datacasting SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the...
linux-privilege-escalation-oscp-guide
🔥 Cyber Public School – Linux Privilege Escalation Ultra Guide...
LinuxPrivEscToolkit
🛡️ Linux Privilege Escalation Toolkit !Pythonhttps://img.s...
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
SUID_Trust_Exploiter
SU...
Unity Linux 20.1070e Security Update: screen (UTSA-2026-005209)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005209 advisory. A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be...
Astra Linux – Vulnerability in Systemd
A vulnerability was discovered in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary, thereby gaining access to the original’s privileged process core dump. This enables the attacker to read sensitive data, such as the contents of...
CVE-2026-23754
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004403)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004403 advisory. A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000900)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000900 advisory. The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn...
CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
Unity Linux 20.1070e Security Update: util-linux (UTSA-2025-993327)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993327 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...
Linux Distros Unpatched Vulnerability : CVE-2023-54168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx4: Prevent shift wrapping in setusersqsize The ucmd-logsqbbcount variable is controlled by the user so this shift can wrap. Fix it by using...