Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows loca...
vold in Solaris 2.x allows local users to gain root access.
fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.