Lucene search

1061 matches found

SUSE CVE
added 2023/02/15 3:51 a.m. | 1 views

SUSE CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 7.5 | EPSS 0.00352
Exploits: 1 | References: 7

SUSE CVE
added 2023/02/15 3:22 a.m. | 2 views

SUSE CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 7.1 | EPSS 0.00095
Exploits: 0 | References: 25

Tenable Nessus
added 2023/02/14 12:0 a.m. | 29 views

Wago PFC100/200 Web-Based Management Authentication Timing Information Disclosure (CVE-2019-5135)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVSS 5.3 | AI score 5.8 | EPSS 0.00164
Exploits: 1 | References: 2

NVD
added 2023/01/26 9:18 p.m. | 8 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVSS 10 | AI score 9.5 | EPSS 0.00833
Exploits: 0 | References: 3

Veracode
added 2023/01/25 8:13 p.m. | 21 views

Heap-Based Buffer Over-Read

sudo is vulnerable to Heap-Based Buffer Over-Read. The vulnerability exists in crypt password backend, which contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that may result in a heap-based buffer over-read, that can be triggered by arbitrary local users with access to Sudo by...

CVSS 7.1 | AI score 7.1 | EPSS 0.00095
Exploits: 0 | References: 7 | Affected Software: 1

OpenVAS
added 2023/01/09 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1113)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 7.1 | EPSS 0.00095
Exploits: 0 | References: 2

Tenable Nessus
added 2023/01/06 12:0 a.m. | 30 views

EulerOS 2.0 SP9 : sudo (EulerOS-SA-2023-1113)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a...

CVSS 7.1 | AI score 7.6 | EPSS 0.00095
Exploits: 0 | References: 2

OSV
added 2022/12/08 2:28 a.m. | 14 views

GSD-2022-1007724 dm-crypt: provide dma_alignment limit in io_hints

dm-crypt: provide dma_alignment limit in io_hints. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...

AI score 7.2
Exploits: 0

Positive Technologies
added 2022/12/08 12:0 a.m. | 2 views

PT-2022-35979 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue is related to dm-crypt, where the dma alignment limit is not provided in io hints. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

AI score 7.1
Exploits: 0 | References: 1

Tenable Nessus
added 2022/11/22 12:0 a.m. | 26 views

GLSA-202211-08 : sudo: Heap-Based Buffer Overread

The remote host is affected by the vulnerability described in GLSA-202211-08 sudo: Heap-Based Buffer Overread - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can...

CVSS 7.1 | AI score 7.6 | EPSS 0.00095
Exploits: 0 | References: 3

OSV
added 2022/11/11 11:4 a.m. | 1 views

OESA-2022-2079 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo 1.8.0 through 1.9.12, with the crypt password backend,...

CVSS 7.1 | AI score 7 | EPSS 0.00095
Exploits: 0 | References: 2

Microsoft CVE
added 2022/11/09 8:0 a.m. | 2 views

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

...

CVSS 7.1 | AI score 6.6 | EPSS 0.00095
Exploits: 0

FreeBSD
added 2022/11/07 12:0 a.m. | 44 views

sudo -- Potential out-of-bounds write for small passwords

CVE.org reports: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven...

CVSS 7.1 | AI score 6.7 | EPSS 0.00095
Exploits: 0 | References: 1

RedhatCVE
added 2022/11/03 7:55 p.m. | 49 views

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 3.5 | EPSS 0.00095
Exploits: 0 | References: 4

OSV
added 2022/11/02 2:15 p.m. | 30 views

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 3.5
Exploits: 0 | References: 5

OSV
added 2022/11/02 2:15 p.m. | 1 views

DEBIAN-CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 6.7 | EPSS 0.00095
Exploits: 0 | References: 1

OSV
added 2022/11/02 2:15 p.m. | 0 views

AZL-11400 CVE-2022-43995 affecting package sudo for versions less than 1.9.12p1-1

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 6.8 | EPSS 0.00095
Exploits: 0 | References: 1

OSV
added 2022/11/02 2:15 p.m. | 1 views

ALPINE-CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 7 | EPSS 0.00095
Exploits: 0 | References: 1

Prion
added 2022/11/02 2:15 p.m. | 17 views

Heap overflow

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 3.2 | AI score 6.8 | EPSS 0.00095
Exploits: 0 | References: 5 | Affected Software: 1

UbuntuCve
added 2022/11/02 2:15 p.m. | 43 views

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 7 | EPSS 0.00095
Exploits: 0 | References: 2