nodejs:20 security update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CVE-2011-2910

The AX.25 daemon ax25d in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation...

CVE-2006-3084

The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...

OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program

Overview The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. Other OS kernels may be vulnerable as well. Description The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. As a result, an attacker may be...

Seyon buffer overflow exploit.

Dear, Vuln-Dev I am posting this here since I do not know if the attached buffer overflow exploit will work on any distribution where seyon comes as setgid/setuid by default. Seyon which is a telecommunications package for the X Window System, is not intended to run as setuid/setgid, however, I...