ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to exe…

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege droppin…

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent at…

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By de…

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the …

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, a…

Grafana is an open-source platform for monitoring and observability. When fine-grained access c…

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_ex…

Bitlbee does not drop extra group privileges correctly in unix.c

masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that …

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate pr…

.NET and Visual Studio Elevation of Privilege Vulnerability

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information rela…

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier…

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Serv…

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from vers…

An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via a…

Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker conta…

Internal browser event interfaces were exposed to web content when privileged EventHandler list…

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip ex…

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no…

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4…

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise…

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check …

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Th…

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advi…

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when va…

Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation…

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree:…

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be…

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow f…

Mastodon is a free, open-source social network server based on ActivityPub. In versions before …

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteui…

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE …

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component …

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a passw…

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during…

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity fr…