3208 matches found
MiracleLinux 8 : nodejs:20 (AXSA:2024-7668:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7668:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) nodejs: reading unprocessed HTTP...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000809)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000809 advisory. The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003619 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because install_exec_creds() is called too late in load_elf_binary() in...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003650)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003650 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because install_exec_creds() is called too late in load_elf_binary() in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001273 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because install_exec_creds() is called too late in load_elf_binary() in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001241)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001241 advisory. A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004104)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004104 advisory. A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-004801)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004801 advisory. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002530)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002530 advisory. Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003127)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003127 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mountin...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003059)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003059 advisory. The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003323)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003323 advisory. The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002649)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002649 advisory. The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...
MiracleLinux 9 : glibc-2.34-168.el9_6.19 (AXSA:2025-10672:12)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10672:12 advisory. glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802) Tenable has extracted the preceding description block directly from th...
CVE-2021-28250
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid and/or setgid file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that ar...
CVE-2016-10323
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command...
CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...
PT-2026-28661
Name of the Vulnerable Software and Affected Versions: polkit (affected versions not specified). Description: A flaw exists in polkit where a local user can trigger a denial of service. This occurs by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via...
VAPT-Task-3-PTES
VAPT Task-3 – Advanced Exploitation & PTES Report 👤 Author...
Oracle Linux 8 : glibc (ELSA-2025-28054)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28054 advisory. - CVE-2025-8058: Double free in regcomp (RHEL-105326) - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92685) Tenable has extracted the precedi...