sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2026:1876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1876-1 advisory. This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016496 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as...

Astra Linux - уязвимость в containerd

Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...

CLSA-2026-1777567687 Fix CVE(s): CVE-2026-35385

SECURITY UPDATE: scp setuid/setgid bit handling - debian/patches/CVE-2026-35385.patch: when downloading files as root in legacy -O mode and without the -p preserve modes flag, mask out setuid/setgid bits in scp1 sink. - CVE-2026-35385...

CLSA-2026-1777547626 openssh: Fix of CVE-2026-35385

CVE-2026-35385: clear setuid/setgid bits when downloading files as root in scp legacy -O mode without the -p flag...

Important: openssh

Issue Overview: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 Affected Packages: openssh Note: This...

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

SUSE-SU-2026:21369-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

SUSE-SU-2026:21252-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

CVE-2026-35535

CVE-2026-35535 affects Sudo up to 1.9.17p2, before the patch identified as 3e474c2. A failure in a setuid/setgid/setgroups call during privilege drop prior to invoking the mailer is not fatal and can lead to local privilege escalation. The vulnerability is restricted to local attackers with exist...

Ubuntu: Security Advisory (USN-7978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003323 advisory. The archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002649 advisory. The archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...

EUVD-2001-0170

Malware in sbrugna...

EUVD-2005-2542

Malware in sbrugna...

EUVD-2001-0084

Malware in sbrugna...

EUVD-2016-4697

Malware in sbrugna...