156 matches found
UBUNTU-CVE-2026-42617
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsirtoib in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file...
UBUNTU-CVE-2026-46569
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsibcopytail, in libntfs-3g/index.c, that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file...
UBUNTU-CVE-2026-56135
In NTFS-3G through 2026.2.25, a heap-based buffer overflow exists in the function buildinheritedid in libntfs-3g/security.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted...
OPENSUSE-SU-2026:20888-1 Security update for apptainer
This update for apptainer fixes the following issues: Changes in apptainer: - CVE-2026-39821: Update golang.org/x/net to 0.55.0. bsc1266656 - Add improved handling of suid-starter: Add system group apptainer Make sure, only users belonging to this group are able to run the application. Document...
Exploit for CVE-2026-43494
SLEY — PinTheft PoC CVE-2026-43494 Proof o...
Exploit for CVE-2026-31431
CVE-2026-31431 "Copy Fail" — Universal LPE Exploit Linux...
PT-2026-34185
Name of the Vulnerable Software and Affected Versions NTFS-3G versions 2022.10.3 through 2026.2.24 Description A heap buffer overflow exists in the ntfs build permissions posix function within acls.c. This issue allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by using a...
CVE-2026-40706
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...
CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...
CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...
CVE-2022-31594
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...
TencentOS Server 4: udisks2 (TSSA-2025:0480)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0480 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2266)
According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP13 : udisks2 (EulerOS-SA-2025-2312)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP11 : libblockdev (EulerOS-SA-2025-2200)
According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: udisks2 (UTSA-2025-984808)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984808 advisory. A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take certa...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: udisks2 (UTSA-2025-587571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-587571 advisory. A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take certa...
EUVD-2022-53048
Malicious code in bioql PyPI...
EulerOS 2.0 SP12 : udisks2 (EulerOS-SA-2025-2061)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP12 : udisks2 (EulerOS-SA-2025-2030)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...