
61 matches found

RedhatCVE
added 2026/01/07 9:43 a.m. | 3 views

CVE-1999-0555

A Unix account with a name other than "root" has UID 0, i.e. root privileges...

10 CVSS | 7 AI score | 0.00483 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8867

Malware in sbrugna...

7.8 CVSS | 7.4 AI score | 0.00935 EPSS
Exploits 2 | References 10

Vulnrichment
added 2025/09/30 2:37 p.m. | 1 views

CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4 CVSS | 7 AI score | 0.00012 EPSS
Exploits 0 | References 7

OpenVAS
added 2025/05/07 12:0 a.m. | 4 views

Do Not Allow Non-root Users with UID 0

The user with UID 0 is the super administrator user in the Linux system. By convention, the user name is root. The UID of a non-root user cannot be 0. If the UID of the root user is changed to another value and the UID of another user, for example, the test user, is changed to 0, the test user is...

6.9 AI score
Exploits 0 | References 4

Redos
added 2024/04/02 12:0 a.m. | 27 views

ROS-20240402-01

A vulnerability in the PMIx process control interface is related to the execution of library code with UID 0. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...

8.1 CVSS | 7.2 AI score | 0.00952 EPSS
Exploits 0

Tenable Nessus
added 2023/11/07 12:0 a.m. | 15 views

Fedora 39 : openmpi / pmix / prrte / slurm (2023-1185eca900)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-1185eca900 advisory. Security fix for CVE-2023-41915 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

8.1 CVSS | 7.8 AI score | 0.00952 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/11/04 12:0 a.m. | 21 views

Debian DSA-5547-1 : pmix - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5547 advisory. Francois Diakhate reported that a race condition in pmix, a library implementing Process Management Interface PMI Exascale API, could allow a malicious user to obtain...

8.1 CVSS | 7.7 AI score | 0.00952 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2023/10/31 12:0 a.m. | 23 views

Debian dla-3643 : libpmi-pmix-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3643 advisory. Debian LTS Advisory DLA-3643-1 https://www.debian.org/lts/security/...

8.1 CVSS | 8 AI score | 0.00952 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2023/10/04 12:0 a.m. | 33 views

Fedora 37 : openmpi / pmix / prrte / slurm (2023-155d2f22f1)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-155d2f22f1 advisory. Security fix for CVE-2023-41915 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

8.1 CVSS | 7.8 AI score | 0.00952 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/10/03 12:0 a.m. | 17 views

Amazon Linux 2023 : pmix, pmix-devel, pmix-pmi (ALAS2023-2023-363)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-363 advisory. OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. CVE-2023-41915 Tenable has...

8.1 CVSS | 8 AI score | 0.00952 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2023/09/29 12:0 a.m. | 21 views

SUSE SLES15 / openSUSE 15 Security Update : pmix (SUSE-SU-2023:3859-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3859-1 advisory. OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during...

8.1 CVSS | 8.1 AI score | 0.00952 EPSS
Exploits 0 | References 4

RedhatCVE
added 2023/09/15 11:24 a.m. | 31 views

CVE-2023-41915

OpenPMIx PMIx is vulnerable to a race condition during execution of library code with UID 0, which allows attackers to obtain ownership of arbitrary files...

8.1 CVSS | 7.9 AI score | 0.00952 EPSS
Exploits 0 | References 3

NVD
added 2023/09/09 10:15 p.m. | 13 views

CVE-2023-41915

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

8.1 CVSS | 8 AI score | 0.00952 EPSS
Exploits 0 | References 12

Cvelist
added 2023/09/09 12:0 a.m. | 16 views

CVE-2023-41915

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

8.2 AI score | 0.00952 EPSS
Exploits 0 | References 12

Debian CVE
added 2023/09/09 12:0 a.m. | 21 views

CVE-2023-41915

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0...

8.1 CVSS | 8.2 AI score | 0.00952 EPSS
Exploits 0

GithubExploit
added 2022/01/29 8:24 p.m. | 314 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

ez-pwnkit A pure-Go implementation of the CVE-2021-4034 Pwn...

7.8 CVSS | 7.8 AI score | 0.88057 EPSS
Exploits 149

Metasploit
added 2020/03/27 10:1 p.m. | 54 views

VMware Fusion USB Arbitrator Setuid Privilege Escalation

This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path, which allows loading of an attacker-controlled binary. By creating a payload in the user home directory in a specific folder, a...

7.8 CVSS | 0.1 AI score | 0.16073 EPSS
Exploits 10

RedhatCVE
added 2020/01/19 9:51 p.m. | 50 views

CVE-2019-19241

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

7.8 CVSS | 4.2 AI score | 0.00935 EPSS
Exploits 2 | References 3

NVD
added 2019/12/17 8:15 p.m. | 17 views

CVE-2019-19241

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

7.8 CVSS | 7.3 AI score | 0.00935 EPSS
Exploits 2 | References 6

Prion
added 2019/12/17 8:15 p.m. | 21 views

Design/Logic Flaw

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

4.6 CVSS | 7.2 AI score | 0.00935 EPSS
Exploits 2 | References 6 | Affected Software 1