131 matches found
CVE-2025-38696
CVE-2025-38696 (Linux kernel, MIPS) : The issue occurs in stack_top() for tasks without an ABI or vDSO mapping (e.g., kthreads). If such a task calls stack_top(), it can dereference a NULL ABI pointer and crash. Affected area is the MIPS support in the Linux kernel; the advisory notes the crash c...
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index PyPI repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor , realizes its nefarious functionalit...
Linux Distros Unpatched Vulnerability : CVE-2023-26785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a create function statement...
BIT-MYSQL-CLIENT-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
BIT-MARIADB-MIN-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
BIT-MARIADB-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
📄 Automic Automation Agent Unix Privilege Escalation
An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an ini file with the "authentication" option set to "PAM" and the "libName" option set to a shared object file controlled by the attacker. The shared object will be loaded in an...
GL.iNet Router 安全漏洞
GL.iNet Router is a series of routers from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet Router that originates from a buffer overflow in the plugins.so file of the RPC Handler component...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which originates in the LoongArch architecture, where a task may call the stacktop function without a vDSO mapping, which...
SUSE CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
UBUNTU-CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution RCE vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
PT-2024-33216 · Wanxing Technology · Wanxing Technology Yitu Project Management Kirin Edition
Name of the Vulnerable Software and Affected Versions: Wanxing Technology Yitu Project Management Kirin Edition version 2.3.6 Description: The issue allows a remote attacker to execute arbitrary code via a specially constructed so file in /opt/EdrawProj-2/plugins/imageformat. This enables the...
USN-6945-1: wpa_supplicant and hostapd vulnerability
Rory McNamara discovered that wpasupplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a Local Privilege Escalation Vulnerability in polkit’s pkexec. The exploit is implemented in Python and utilizes the PwnKit vulnerability to gain elevated privileges. The code creates a malicious shared object SO that, when loaded by pkexec, executes a setuid0 and...
[SECURITY] Fedora 38 Update: netconsd-0.4-1.fc38
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
[SECURITY] Fedora 37 Update: netconsd-0.4-1.fc37
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
SUSE CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...
nbdkit bug fix update
An update is available for nbdkit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Block Device NBD is a protocol for accessing hard disks and other...