Lucene search
K

744 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago5 views

EulerOS 2.0 SP15 : sudo (EulerOS-SA-2026-2468)

According to the versions of the sudo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

EulerOS 2.0 SP15 : sudo (EulerOS-SA-2026-2509)

According to the versions of the sudo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Containerd

Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...

6.8CVSS6.3AI score0.01608EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Systemd

It was discovered that a Systemd service that uses the DynamicUser property can obtain new privileges by executing SUID binaries. This allows the service to create binaries belonging to the transient group, with the setgid bit set. A local attacker could exploit this flaw to access resources that...

7.8CVSS6.1AI score0.00888EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the implementation of the QEMU virtio-fs shared file system daemon virtiofsd. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in directories shared by virtio-fs, with unintended group ownership. This occurs in a scenario where a...

7.8CVSS7.1AI score0.00332EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 3:56 p.m.3 views

MGASA-2026-0211 Updated sudo packages fix security vulnerability

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. CVE-2026-35535...

7.8CVSS5.3AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 2:34 p.m.3 views

SUSE-SU-2026:2395-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys...

8.2CVSS5.3AI score0.0218EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2026:2371-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2371-1 advisory. This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of servic...

8.2CVSS7.2AI score0.0218EPSS
Exploits0References14
SUSE Linux
SUSE Linux
added 2026/06/11 4:6 p.m.8 views

Security update for openssh

This update for openssh fixes the following issues CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. CVE-2026-35388: omitted connection multiplexing...

7.5CVSS7.1AI score0.0218EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.4 views

FreeBSD : FreeBSD -- Flaw in Linuxulator execution of setugid binaries (fa5289e4-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa5289e4-6473-11f1-958d-bc241121aa0a advisory. The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID...

7.1CVSS5.4AI score0.00098EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 6:46 p.m.7 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.10 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 1:38 p.m.25 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2026:1876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1876-1 advisory. This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed...

8.1CVSS6.1AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/05/12 10:11 a.m.9 views

SUSE-SU-2026:21634-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
CloudLinux
CloudLinux
added 2026/05/07 4:59 p.m.12 views

openssh: Fix of CVE-2026-35385

CVE-2026-35385: fix scp legacy protocol receiver to clear setuid/setgid bits from downloaded files when -p preserve mode is not set...

8.1CVSS5.8AI score0.00419EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016496 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/06 5:20 p.m.8 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/06 1:0 a.m.9 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/06 12:52 a.m.9 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
Rows per page
Query Builder