CVE-2025-58713 Rhpam: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

CVE-2025-57851

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

CVE-2025-57851 Mce: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

CVE-2025-57849

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

CVE-2025-57849 Fuse: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

CVE-2025-8766

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004239 advisory. In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to...

CVE-2025-57850

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

CVE-2025-57848

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

CVE-2025-58712

CVE-2025-58712 affects Red Hat AMQ Broker container images. The root cause is that the /etc/passwd file is created with group-writable permissions during build time. In vulnerable conditions, a non-root caller inside an affected container who is in the root group can modify /etc/passwd to add a n...

CVE-2025-58712 Amq: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

EUVD-2008-1669

Malware in sbrugna...

EUVD-1999-0084

Malware in sbrugna...

CVE-2025-57852

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

AZL-29702 CVE-2023-41915 affecting package pmix for versions less than 4.1.3-1

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

DEBIAN-CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAPNETADMIN, it may not always be the case, e.g., a non-root user only having that...

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

DSR-wmapm.sh

/bin/sh Pretty useless, we can mess up /etc/dumpdates or run shutdown on FreeBSD systems with wmapm from ports. If wmapm is installed from source we get root instead, so I suppose this might be worth somethinguid 0 on linux. kokanin@dtors pkginfo | grep -i wmapm wmapm-3.1 Laptop battery status...

Cisco IOS - using hping Remote Denial of Service

!/bin/tcsh -f Remote DoS exploit against the recent Cisco IOS vuln. Cisco doc. 44020 Vulnerable versions - all Cisco devices running IOS. Requirements : tcsh, and hping. Get hping @ www.hping.org And you know the best part? This script actually works! Unlike the few .c's floating around the net...