4 matches found
CVE-2021-4034
Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...
CVE-2019-20807
CVE-2019-20807 affects Vim prior to 8.1.0881, where a user can bypass the rvim restricted mode and run arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, Lua). Affected product: Vim (Unix/Linux environments). Root cause: restricted-mode bypass enabling execution of external comma...
CVE-2020-25704
CVE-2020-25704 describes a memory leak in the Linux kernel perf subsystem when using PERF_EVENT_IOC_SET_FILTER, enabling a local user to exhaust resources and cause a denial of service. The vulnerability is reiterated across multiple advisories (e.g., ALAS2KERNEL, ALAS-2020-1566, Debian/AlmaLinux...
CVE-2022-23858
CVE-2022-23858 affects the StarWind Command Center REST API, where an improperly handled REST call allows any logged-in user to elevate privileges to the system account. Affected: StarWind Command Center build 6003 v2. Root cause: improper handling of REST API calls leading to privilege es...