Lucene search

7821 matches found

Tenable Nessus
added 2023/01/24 12:0 a.m. | 106 views

Oracle Linux 8 : sudo (ELSA-2023-0284)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-0284 advisory. 1.8.29.8.1 RHEL 8.7.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz2161220 Tenable has extracted the...

CVSS 7.8 | AI score 8.3 | EPSS 0.55367
Exploits 20 | References 2

Tenable Nessus
added 2023/01/24 12:0 a.m. | 48 views

AlmaLinux 8 : sudo (ALSA-2023:0284)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:0284 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR...

CVSS 7.8 | AI score 8.2 | EPSS 0.55367
Exploits 20 | References 2

Tenable Nessus
added 2023/01/24 12:0 a.m. | 28 views

Oracle Linux 9 : sudo (ELSA-2023-0282)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0282 advisory. 1.9.5p2-7.1 RHEL 9.1.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz2161224 Tenable has extracted the...

CVSS 7.8 | AI score 8.3 | EPSS 0.55367
Exploits 20 | References 2

RedHat Linux
added 2023/01/23 9:27 a.m. | 5 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits 20 | References 6

RedHat Linux
added 2023/01/23 9:23 a.m. | 3 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits 20 | References 6

RedHat Linux
added 2023/01/23 9:22 a.m. | 4 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits 20 | References 6

RedHat Linux
added 2023/01/23 9:21 a.m. | 2 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits 20 | References 6

RedHat Linux
added 2023/01/23 9:0 a.m. | 3 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits 20 | References 6

Tenable Nessus
added 2023/01/23 12:0 a.m. | 27 views

RHEL 7 : rh-postgresql10-postgresql (RHSA-2020:5316)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5316 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...

CVSS 8.8 | AI score 6.7 | EPSS 0.4644
Exploits 0 | References 8

Tenable Nessus
added 2023/01/23 12:0 a.m. | 39 views

Amazon Linux 2 : golist (ALAS-2023-1913)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1913 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...

CVSS 7.5 | AI score 7 | EPSS 0.01544
Exploits 0 | References 7

Tenable Nessus
added 2023/01/23 12:0 a.m. | 57 views

openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2023:0025-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0025-1 advisory. - Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected...

CVSS 9.8 | AI score 9.2 | EPSS 0.99826
Exploits 48 | References 4

Tenable Nessus
added 2023/01/23 12:0 a.m. | 37 views

RHEL 8 : sudo (RHSA-2023:0283)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0283 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...

CVSS 7.8 | AI score 8.4 | EPSS 0.55367
Exploits 20 | References 4

BDU FSTEC
added 2023/01/23 12:0 a.m. | 4 views

The vulnerability in the Go programming language stems from improper neutralization of special elements in output, allowing attackers to set arbitrary environment variables on Windows.

The vulnerability in the Go programming language is related to improper neutralization of special elements in output. Exploiting this vulnerability allows a malicious actor to remotely set arbitrary environment variables on Windows systems...

CVSS 7.8 | AI score 7 | EPSS 0.00778
Exploits 0 | References 6 | Affected Software 1

Veracode
added 2023/01/20 9:8 p.m. | 33 views

Privilege Escalation

sudo is vulnerable to Privilege Escalation. The vulnerability exists due to mishandled extra arguments passed in the user-provided environment variables, which allows an attacker to append arbitrary entries to the list of files to process, leading to accessing user information...

CVSS 7.8 | AI score 7.7 | EPSS 0.55367
Exploits 20 | References 17 | Affected Software 4

CNNVD
added 2023/01/20 12:0 a.m. | 3 views

Galaxy Technologies GNS3 Security Vulnerability

Galaxy Technologies GNS3 is a suite of network software emulators from Galaxy Technologies, USA. A security vulnerability exists in Galaxy Technologies GNS3 dynamips version 0.2.21, which originates from the use of uninitialized variables in the function genethrecv...

CVSS 7.5 | AI score 7.3 | EPSS 0.00858
Exploits 1 | References 2

BDU FSTEC
added 2023/01/20 12:0 a.m. | 6 views

A vulnerability in the sudoedit function of the Sudo system administration program allows a hacker to escalate their privileges.

The vulnerability in the sudoedit function of the Sudo system administration program is related to errors in processing additional arguments in environment variables. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...

CVSS 7.5 | AI score 7.1 | EPSS 0.55367
Exploits 20 | References 18 | Affected Software 11

NVD
added 2023/01/18 9:15 p.m. | 35 views

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVSS 7.5 | AI score 7.3 | EPSS 0.16939
Exploits 3 | References 3

Prion
added 2023/01/18 9:15 p.m. | 23 views

Information disclosure

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVSS 5 | AI score 7.4 | EPSS 0.16939
Exploits 3 | References 3 | Affected Software 1

OSV
added 2023/01/18 5:15 p.m. | 7 views

AZL-13030 CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits 20 | References 1

OSV
added 2023/01/18 5:15 p.m. | 1 views

DEBIAN-CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

CVSS 7.8 | AI score 7.7 | EPSS 0.55367
Exploits 20 | References 1