10 matches found
GLSA-202305-19 : Firejail: Local Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202305-19 Firejail: Local Privilege Escalation - A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a joi...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
SUSE-SU-2020:1712-1 Security update for xawtv
This update for xawtv fixes the following issues: - CVE-2020-13696: Fixed an issue in setuid-root program that which could have allowed arbitrary file existence tests and open with ORDWR bsc1171655...
OPENSUSE-SU-2020:0787-1 Security update for xawtv
This update for xawtv fixes the following issues: - CVE-2020-13696: Fixed an issue in setuid-root program that which could have allowed arbitrary file existence tests and open with ORDWR boo1171655. This update was imported from the openSUSE:Leap:15.1:Update update project...
Security update for xawtv (moderate)
openSUSE Security Update: Security update for xawtv Announcement ID: openSUSE-SU-2020:0787-1 Rating: moderate References: 1171655 Cross-References: CVE-2020-13696 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update for...
CVE-2020-13696
An issue was discovered in LinuxTV xawtv before 3.107. The function devopen in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to...
HP-UX 10/11 NLSPATH Environment Variable Format String Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker could specify an arbitrary path...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)
This kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers IPV6RTHDRTYPE0 that create network amplification between two routers. CVE-2007-2242 The default is that RH0 is disabled now. To...
CVE-2009-2669
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the 1 LIBINITDBG and 2 LIBINITDBGFILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, relate...
HP-UX 10.x/11.x - Aserver PATH
source: https://www.securityfocus.com/bid/1929/info Aserver is a server program that ships with HP-UX versions 10.x and above that is used to interface client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by default. During normal execution, Aserv...