9 matches found
CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2024-40635)
Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root UID 0. This could cause...
Updated docker-containerd packages fix security vulnerability
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...
Design/Logic Flaw
OpenHarmony-v3.1.2 and prior versions, and 3.0.6 and prior versions, have a kernel memory pool override vulnerability in the /dev/mmzuserdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could disclose sensitive information including kernel...
SUSE-SU-2022:2788-1 Security update for dbus-1
This update for dbus-1 fixes the following issues: CVE-2020-35512: Fixed a memory safety issue which affected systems with users with the same numeric UID (bsc#1187105)...
Serpico Cross-Site Scripting Vulnerability (CNVD-2020-03851)
Serpico is a penetration test report generation and collaboration tool. A cross-site scripting vulnerability exists in admin/adduser/UID in Serpico version 1.3.0, which stems from the lack of proper validation of client-side data in a web application and can be exploited by an attacker to execute...
CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
Design/Logic Flaw
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
CVE-1999-1299
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file...