Medium: libX11

Issue Overview: A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system...

SUSE: Security Advisory (SUSE-SU-2012:0682-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:0547-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libX11: Heap overflow in the X input method client

A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability...

bash: when effective UID is not equal to its real UID the saved UID is not dropped

A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...

CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

Design/Logic Flaw

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

UBUNTU-CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

Privilege Escalation

Bubblewrap bwrap is vulnerable to privilege escalation. If installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root...

CVE-2021-0255

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root use...

Information disclosure

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permission...

CVE-2021-28250

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...

Privilege escalation

UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability onl...

CVE-2021-28250

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-1676)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2021-0123 Updated glib2.0 packages fix security vulnerabilities

Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...

Updated glib2.0 packages fix security vulnerabilities

Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...

Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-2985 and CVE-2016-2984)

Summary There are vulnerabilities in IBM Spectrum Scale packaged with IBM Spectrum Scale RAID for the Elastic Storage Server and the GPFS Storage Server. Vulnerability Details CVEID: CVE-2016-2985 DESCRIPTION: A security vulnerability has been identified in IBM Spectrum Scale and IBM GPFS that...