9 matches found
CVE-2021-4034
Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2022-27239
CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...
CVE-2024-46956
CVE-2024-46956 affects Artifex Ghostscript (psi/zfile.c) with an out-of-bounds data access in filenameforall that can lead to arbitrary code execution on Ghostscript versions up to 10.04.0. Connected advisories confirm this vulnerability and provide patch guidance; mitigation is to update Ghostsc...
CVE-2024-46951
CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...
CVE-2024-46953
CVE-2024-46953 concerns Ghostscript before 10.04.0, where an integer overflow while parsing the output filename format string in base/gsdevice.c can cause path truncation, enabling path traversal and potential code execution. Affected: Ghostscript PS/PDF interpreter, notably ghostpdl-10.04.0 and ...
CVE-2024-46955
CVE-2024-46955 : Ghostscript contains an out-of-bounds read in psi/zcolor.c when reading color in Indexed color space, before version 10.04.0. Impact is a local issue with user interaction required (per CVSS details: AV:L, UI:R, Availability:A:H). The fix is indicated by the ghostpdl-10.04.0 comm...
CVE-2020-8025
CVE-2020-8025 affects the pcp permissions handling in SUSE/openSUSE packages. Affected: SLES 12-SP4, SLES 15-LTSS, SLES for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed. Affected component: permissions for some directories under the pcp package due to Incorrect Execution-Assigned Permissions. ...
CVE-2023-32182
CVE-2023-32182 describes an improper Link Resolution Before File Access in postfix used by SUSE/OpenSUSE packages (SUSE SLED15/SLES15 SP5 and openSUSE Leap 15.5). The root cause is a link-following issue in the related config_postfix handling that could involve potentially unsafe /tmp usage. Affe...