
12 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-2651

Malware in sbrugna...

CVSS 4.6, AI score 6.4, EPSS 0.00053
Exploits: 0, References: 9
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-6693

Malware in sbrugna...

CVSS 1.2, AI score 5.7, EPSS 0.00046
Exploits: 1, References: 9
RedhatCVE
added 2025/05/22 12:4 a.m., 5 views

CVE-2009-2657

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2...

CVSS 4.6, AI score 7.6, EPSS 0.00053
Exploits: 0, References: 1
Tenable Nessus
added 2024/09/25 12:0 a.m., 10 views

Debian dla-3895 : puredata - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3895 advisory. Debian LTS Advisory DLA-3895-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8.4, AI score 5.5, EPSS 0.0007
Exploits: 0, References: 4
RedHat Linux
added 2024/04/08 8:54 a.m., 2 views

nodejs: setuid() does not drop all privileges due to io_uring

A flaw was found in Node.js, where setuid() does not affect libuv's internal io_uring operations if they are initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid...

CVSS 7.3, AI score 7.3, EPSS 0.00876
Exploits: 0, References: 4
CNNVD
added 2024/03/19 12:0 a.m., 1 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.18.x, 20.4.x, and 21.x, which stems from the fact that setuid does not relinquish all privileges as a result of io_uring, allowing the process to perform privileged...

CVSS 7.3, AI score 6.7, EPSS 0.00876
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 6:5 a.m., 1 views

SUSE CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...

CVSS 6.2, AI score 7, EPSS 0.0025
Exploits: 6, References: 3
OSV
added 2020/08/05 2:15 p.m., 1 views

ALPINE-CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

CVSS 6.7, AI score 7, EPSS 0.00162
Exploits: 0, References: 1
OSV
added 2020/08/05 2:15 p.m., 2 views

UBUNTU-CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...

CVSS 6.7, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 5
OSV
added 2014/01/26 1:55 a.m., 4 views

CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf...

AI score 6
Exploits: 0, References: 7
CERT
added 2001/11/15 12:0 a.m., 27 views

HP Tru64 UNIX "msgchk" contains buffer overflow (SSRT2275)

Overview: msgchk, a part of the MH mail system, reportedly suffers from a buffer overflow with respect to the name of the inbox to be checked for new mail. This overflow would allow the user of msgchk to execute arbitrary code. Description: msgchk is the portion of the MH mail system that checks fo...

CVSS 7.2, AI score 7.8, EPSS 0.005
Exploits: 1, References: 1
exploitpack
added 2000/08/14 12:0 a.m., 29 views

Luca Deri ntop 1.2 a7-91.3.1 - Remote Buffer Overflow

Luca Deri ntop 1.2 a7-91.3.1 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1576/info ntop is a network usage monitoring tool for unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via http with the -w parameter. In this...

AI score 0.6
Exploits: 0