
3246 matches found

GithubExploit
added 2026/05/07 7:4 a.m. | 87 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Vulnerability Overview | Item | Content...

CVSS 7.8 | AI score 7.2 | EPSS 0.96775
Exploits 228
Tenable Nessus
added 2026/05/07 12:0 a.m. | 7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016496 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as...

CVSS 8.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 4
RedHat Linux
added 2026/05/06 5:20 p.m. | 8 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 8
OSV
added 2026/05/06 2:38 p.m. | 5 views

CLSA-2026-1778073563 sudo: Fix of CVE-2026-35535

CVE-2026-35535: drop group privileges and supplementary groups before running the mailer in execmailer, make setuid/setgid/setgroups failures fatal, and pass user gid alongside uid when NOROOTMAILER is defined...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 1
RedHat Linux
added 2026/05/06 1:0 a.m. | 9 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 8
RedHat Linux
added 2026/05/06 12:52 a.m. | 9 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 8
RedHat Linux
added 2026/05/06 12:46 a.m. | 8 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 8
RedHat Linux
added 2026/05/06 12:43 a.m. | 10 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 8
RedHat Linux
added 2026/05/06 12:40 a.m. | 6 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

CVSS 7.8 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 8
Tenable Nessus
added 2026/05/06 12:0 a.m. | 9 views

Unity Linux 20.1060e / 20.1070e Security Update: openssh (UTSA-2026-016484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016484 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as...

CVSS 8.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 4
OSV
added 2026/05/05 3:51 p.m. | 8 views

JLSEC-2026-453

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

CVSS 7.8 | AI score 6.9 | EPSS 0.00923
Exploits 1 | References 23
OSV
added 2026/05/05 10:28 a.m. | 9 views

CLSA-2026-1777976917 openssh: Fix of CVE-2026-35385

CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...

CVSS 8.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 1
GithubExploit
added 2026/05/05 10:9 a.m. | 77 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 - Copy Fail - Detection script Script Pytho...

CVSS 7.8 | AI score 6 | EPSS 0.96775
Exploits 228
OSV
added 2026/05/05 12:38 a.m. | 5 views

CLSA-2026-1777941528 openssh: Fix of CVE-2026-35385

CVE-2026-35385: fix scp legacy protocol receiver to clear setuid/setgid bits from downloaded files when -p preserve mode is not set...

CVSS 8.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 1
RedHat Linux
added 2026/05/04 9:57 a.m. | 4 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 7
GithubExploit
added 2026/05/03 12:24 a.m. | 137 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Copy Fail Linux kernel local privilege esc...

CVSS 7.8 | AI score 6.1 | EPSS 0.96775
Exploits 228
Metasploit
added 2026/05/01 7:1 p.m. | 398 views

Copy Fail AF_ALG + authencesn Page-Cache Write

CVE-2026-31431 is a logic flaw in the Linux kernel's authencesn AEAD template that, when reached via the AF_ALG socket interface combined with splice, allows an unprivileged local user to perform a controlled 4-byte write into the page cache of any readable file. Because the corrupted pages are...

CVSS 7.8 | AI score 7.6 | EPSS 0.96775
Exploits 228
GithubExploit
added 2026/05/01 4:2 p.m. | 85 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

This is a public Proof-of-Concept PoC for CVE-2026-31431 "Cop...

CVSS 7.8 | AI score 6.2 | EPSS 0.96775
Exploits 228
OSV
added 2026/04/30 9:57 p.m. | 6 views

CLSA-2026-1777586245 Fix CVE(s): CVE-2026-35385

SECURITY UPDATE: scp1 downloading as root in legacy mode without -p did not clear setuid/setgid bits on downloaded files. - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from umask in sink when -p is not set - CVE-2026-35385...

CVSS 8.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 1
GithubExploit
added 2026/04/30 8:54 p.m. | 99 views

Exploit for CVE-2026-31431

CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script Dete...

CVSS 7.8 | AI score 6.4 | EPSS 0.96775
Exploits 228