15 matches found
EUVD-2003-0019
Malware in sbrugna...
EUVD-2025-16307
Malicious code in bioql PyPI...
CVE-2025-23395
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...
CVE-2025-23395
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...
CVE-2025-23395 Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...
CVE-2025-23395
CVE-2025-23395 affects Screen 5.0.0 when run with setuid-root privileges. The root cause is that logfile_reopen() does not drop privileges while operating on a user-supplied path, allowing an unprivileged user to create files in arbitrary locations with root ownership, the invoking user’s real gr...
CVE-2025-46804
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...
CVE-2025-46804
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...
CVE-2025-46804 Screen 5.0.0 and older versions allow file existence tests when installed setuid-root
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...
CVE-2025-46804 Screen 5.0.0 and older versions allow file existence tests when installed setuid-root
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...
CVE-2025-46804
CVE-2025-46804 describes a local information-leak in GNU Screen when running with setuid-root privileges. The issue allows an unprivileged user to deduce information about a path that would otherwise be inaccessible. Affected are older Screen versions as well as version 5.0.0. The connected advis...
ISDN4Linux 3.1 IPPPD Device String SysLog Format String Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. isdn4linux contains a format string vulnerability in the ipppd utility. In some...
NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode
NVIDIA Unix security team reports: When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size 64x64 or 256x256, depending on the driver version, the driver will overflow a buffer. This can cause a...
CVE-2003-0019
umlnet in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode...
CVE-2003-0019
umlnet in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode...