Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suid vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-1786
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
Ibm Aix 5.3
Ibm Aix 6.1
1 EDB exploit
NA
CVE-2011-0649
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 up to and including 8.3.0, Enterprise Message Service (EMS) 5.1.0 up to and including 6.0.0, Runtime Agent (TRA) 5.6.2 up to and including 5.7.0, Silver BPM Service prior to 1.0.4, Silver CAP Service veprior to 1.0.2,...
Tibco Rendezvous 8.3.0
Tibco Rendezvous 8.2.1
Tibco Enterprise Message Service 5.1.0
Tibco Enterprise Message Service 5.1.1
Tibco Enterprise Message Service 6.0.0
Tibco Runtime Agent 5.6.2
Tibco Runtime Agent 5.7.0
Tibco Silver Bpm Service 1.0.1
Tibco Silver Bpm Service
Tibco Silver Cap Service 1.0.0
Tibco Silver Cap Service
Tibco Silver Businessworks Service 1.0.0
NA
CVE-2024-33522
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calic...
7.8
CVSSv3
CVE-2017-1000253
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backpo...
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.2
Redhat Enterprise Linux 7.1
Redhat Enterprise Linux 6.7
Redhat Enterprise Linux 7.3
Centos Centos 6.0
Centos Centos 6.1
Centos Centos 6.2
Centos Centos 6.3
Centos Centos 6.4
Centos Centos 6.5
Centos Centos 6.6
Centos Centos 6.7
Centos Centos 6.8
Centos Centos 6.9
Centos Centos 7.1611
Centos Centos 7.1511
Centos Centos 7.1503
Centos Centos 7.1406
Redhat Enterprise Linux 6.1
Redhat Enterprise Linux 6.2
1 EDB exploit
1 Article
NA
CVE-2014-3215
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging...
Selinuxproject Policycoreutils 2.2.5
NA
CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Ibm Vios 2.2.0.12
Ibm Vios 2.2.0.13
Ibm Vios 2.2.1.9
Ibm Vios 2.2.2.0
Ibm Vios 2.2.1.3
Ibm Vios 2.2.1.4
Ibm Vios 2.2.3.2
Ibm Vios 2.2.3.3
Ibm Vios 2.2.1.0
Ibm Vios 2.2.1.1
Ibm Vios 2.2.2.4
Ibm Vios 2.2.2.5
Ibm Vios 2.2.3.0
Ibm Vios 2.2.0.10
Ibm Vios 2.2.0.11
Ibm Vios 2.2.1.8
Ibm Aix 7.1
Ibm Aix 6.1
6.7
CVSSv3
CVE-2022-37705
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mish...
Zmanda Amanda 3.5.1
1 Github repository
7.8
CVSSv3
CVE-2019-3843
It exists that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potenti...
Systemd Project Systemd
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Cn1610 Firmware -
1 EDB exploit
3.3
CVSSv3
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc...
Shadow Project Shadow 4.13
7.8
CVSSv3
CVE-2023-30549
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. Tha...
Lfprojects Apptainer
Sylabs Singularity
Redhat Enterprise Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »