39 matches found
SUSE-SU-2021:0685-1 Security update for grub2
This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. bsc1182057 Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command bsc1176711 -...
[SECURITY] Fedora 32 Update: sudo-1.9.0-0.1.b1.fc32
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
SUSE-SU-2019:2656-1 Security update for sudo
This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674...
CVE-2018-15327
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced...
CVE-2018-5523
Summary of CVE-2018-5523 (F5 BIG-IP TMUI command restriction bypass) This issue affects BIG-IP TMUI (BIG-IP Configuration utility) on multiple versions, where authenticated administrative users can run commands without enforcement of restrictions. A privilege-escalation path exists for authentica...
CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
CVE-2015-2756
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding for a PCI Express device and then accessing...
CVE-2015-2150
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding for a PCI Express device and...
Accellion Secure File Transfer Appliance Multiple Command Restriction Weakness Local Privilege Escalation
No description provided by source. source: http://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote...
CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...
Design/Logic Flaw
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...
CVE-2012-0920
Dropbear SSH Server 0.52–2012.54 is affected by a use-after-free (UAF) vulnerability when command restriction and public key authentication are enabled, exploitable by remote authenticated users via crafted command requests related to channels concurrency. Impact per sources includes arbitrary co...
CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...
[SECURITY] Fedora 17 Update: sudo-1.8.3p1-7.fc17
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution
According to its self-reported banner, the remote host is running a version of Dropbear SSH before 2012.55. As such, it reportedly contains a flaw that might allow an attacker to run arbitrary code on the remote host with root privileges if they are authenticated using a public key and command...
[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
[SECURITY] Fedora 12 Update: sudo-1.7.2p6-2.fc12
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-travers...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...