151 matches found
OPENSUSE-SU-2026:20888-1 Security update for apptainer
This update for apptainer fixes the following issues: Changes in apptainer: - CVE-2026-39821: Update golang.org/x/net to 0.55.0. bsc1266656 - Add improved handling of suid-starter: Add system group apptainer Make sure, only users belonging to this group are able to run the application. Document...
Exploit for CVE-2026-43494
SLEY — PinTheft PoC CVE-2026-43494 Proof o...
Exploit for CVE-2026-31431
CVE-2026-31431 "Copy Fail" — Universal LPE Exploit Linux...
PT-2026-34185
Name of the Vulnerable Software and Affected Versions: NTFS-3G versions 2022.10.3 through 2026.2.24. Description: A heap buffer overflow exists in the `ntfs_build_permissions_posix` function within acls.c. This issue allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by using a...
CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially perform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...
CVE-2022-31594
A highly privileged user can exploit a SUID-root program to escalate his privileges to root on a local Unix system...
TencentOS Server 4: udisks2 (TSSA-2025:0480)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0480 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2266)
According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP13 : udisks2 (EulerOS-SA-2025-2312)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP11 : libblockdev (EulerOS-SA-2025-2200)
According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: udisks2 (UTSA-2025-984808)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984808 advisory. A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take certa...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: udisks2 (UTSA-2025-587571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-587571 advisory. A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take certa...
EUVD-2022-53048
Malicious code in bioql PyPI...
EulerOS 2.0 SP12 : udisks2 (EulerOS-SA-2025-2030)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP12 : udisks2 (EulerOS-SA-2025-2061)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
Linux Distros Unpatched Vulnerability : CVE-2025-6019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take...
CLSA-2025-1754340109 libblockdev: Fix of CVE-2025-6019
CVE-2025-6019: fix local privilege escalation vulnerability by updating libblockdev to prevent mounting of user-provided filesystem images with SUID-root shell...
libblockdev: LPE from allow_active to root in libblockdev via udisks
A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...
MGASA-2025-0188 Updated udisks2 & libblockdev packages fix security vulnerabilities
A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...