SUSE CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

SUSE CVE-2021-26936

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...

SUSE CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...

SUSE CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

SUSE CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

SUSE CVE-2022-37706

enlightenmentsys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring...

SUSE CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

SUSE CVE-2023-24039

A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer...

OESA-2023-1076 lxc security update

Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be created using the Control Group and Namespace features included in the Linux kernel. Security Fixes: lxc-user-nic in lxc through 5.0.1 is...

Amanda 参数注入漏洞

Amanda is an automated network disk archiver organized by the University of Maryland at College Park. It allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disks or optical media over a network. Amanda suffers from a security...

PT-2023-19717

Name of the Vulnerable Software and Affected Versions GNU Screen versions through 4.9.0 Description The issue allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. This occurs when GNU Screen is installed setuid or setgi...

PT-2023-13547 · Amanda +2 · Amanda +2

Name of the Vulnerable Software and Affected Versions: Amanda version 3.5.1 Description: The issue allows privilege escalation from a regular user backup to root. A SUID binary located at /lib/amanda/rundump executes /usr/sbin/dump as root with controlled arguments from the attacker, which may le...

CVE-2018-25078

man-db before 2.8.5 on Gentoo allows local users with access to the man user account to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. Also, the owner can strip the setuid and setgid bits...

CVE-2018-25078

man-db before 2.8.5 on Gentoo allows local users with access to the man user account to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. Also, the owner can strip the setuid and setgid bits...

CVE-2018-25078

man-db before 2.8.5 on Gentoo allows local users with access to the man user account to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. Also, the owner can strip the setuid and setgid bits...

CVE-2023-24039

CVE-2023-24039 affects Common Desktop Environment 1.6, specifically the ParseColors function in libXm. A stack-based buffer overflow can be exploited by local, low-privilege users via the dtprintinfo setuid binary to escalate to root on Solaris 10. Several connected sources confirm the issue and ...

PT-2023-19372 · Oracle · Solaris

Name of the Vulnerable Software and Affected Versions: Common Desktop Environment version 1.6 Description: A stack-based buffer overflow in the ParseColors function in libXm can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on...

ALPINE-CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

DEBIAN-CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

Path traversal

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...