CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path

The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...

CVE-2025-1038

CVE-2025-1038 affects Hitachi TropOS 4th Gen: the Diagnostics Tools page of the web-based configuration utility fails to properly validate input, enabling an authenticated high-privilege user to inject shell commands. Exploitation can lead to execution of set-uid applications and full root access...

CVE-2025-1038

The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute sever...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic CVE-2024-42131 In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error CVE-2024-42284 In the Linu...

exec: Fix ToCToU between perm check and set-uid/gid usage

...

SUSE-SU-2024:3499-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48791: Fix use-after-free for aborted TMF sastask bsc1228002 - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate bsc1229454. -...

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

ALPINE-CVE-2022-40284

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon...

Haserl Arbitrary File Reader

This module exploits haserl prior to 0.9.36 to read arbitrary files. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking. Module Options msf use post/linux/gather/haserlread msf posthaserlread show actions ...actions... msf posthaserlrea...

Linux systemd Symlink Dereference Via chown_one() Exploit

Linux suffers from an issue with systemd where chownone can dereference symlinks. systemd: chownone can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...

UBUNTU-CVE-2013-6876

The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...

NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Local Privilege Escalation

Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage: http://www.alienvault.com/ Software Link:...

GLSA-201607-12 : Exim: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201607-12 Exim: Arbitrary code execution Vulnerabilities have been discovered in Exims implementation of set-uid root and when using perlstartup. These vulnerabilities require a user account on the Exim server and a configuration...

Exim: Arbitrary code execution

Background Exim is a message transfer agent MTA designed to be a a highly configurable, drop-in replacement for sendmail. Description Vulnerabilities have been discovered in Exim’s implementation of set-uid root and when using ‘perlstartup’. These vulnerabilities require a user account on the Exi...

exim -- local privillege escalation

The Exim development team reports: All installations having Exim set-uid root and using 'perlstartup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim and this is normally any user can gain root privileges. If you do not use 'perlstartup' you should be sa...

ShellShock attack lab-vulnerability warning-the black bar safety net

A, experimental description 2 0 1 4 year 9 month 2 4 day Bash discovered a serious vulnerability shellshock, the vulnerability can be used in many systems, and both can be remote can also be in the local trigger. In this experiment, students need to personally reproduce the attack to understand t...

Format string vulnerability lab-vulnerability warning-the black bar safety net

A, experimental description Format string vulnerability is by like printfuserinputof such code is caused, where userinput is the user input data, having a Set-UID root privileges of such programs at run time, the printf statement will become very dangerous, because it may lead to the following...

Symantec Veritas File System qiomkfile本地信息泄露漏洞

BUGTRAQ ID: 31678 CVECAN ID: CVE-2008-3248 VERITAS File System（VxFS）是Symantec Storage Foundation套件中的文件系统组件。 VxFS的set-uid root程序qiomkfile用于管理帮助提供事件处理效率的特殊文件，qiomkfile将未初始化的数据写入到点文件。如果在命令行通过-s和-h标记向qiomkfile传送了各种数字值的话，就会导致向点文件写入文件系统内存的块。 Symantec Veritas File System 5.x Symantec Veritas File System...

IBM DB2数据库db2dasrrm缓冲区溢出和文件创建漏洞

BUGTRAQ ID: 27870 CVECAN ID: CVE-2007-5758,CVE-2007-5664 IBM DB2是一个大型的商业关系数据库系统，面向电子商务、商业资讯、内容管理、客户关系管理等应用，可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。...

IBM DB2数据库db2db本地权限提升漏洞

BUGTRAQ ID: 27680 CVECAN ID: CVE-2007-5757 IBM DB2是一个大型的商业关系数据库系统，面向电子商务、商业资讯、内容管理、客户关系管理等应用，可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 在设置DB2INSTANCE环境变量的时候，libdb2库会使用相关用户的目录而不是DB2例程目录，这会允许本地非特权用户控制一些set-uid root二进制程序所操作的目录结构。...