23 matches found

OpenVAS
added 2023/03/08 12:0 a.m., 16 views

Debian: Security Advisory (DLA-160-1)

The remote host is missing an update for the Debian...

CVSS 6.6, AI score 4.3, EPSS 0.0047
Exploits 3, References 2
OpenVAS
added 2021/06/09 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2014:0475-1)

The remote host is missing an update for the...

CVSS 6.6, AI score 4, EPSS 0.00338
Exploits 2, References 2
Tenable Nessus
added 2016/06/22 12:0 a.m., 30 views

OracleVM 3.2 : sudo (OVMSA-2016-0079)

The remote OracleVM system is missing necessary patches to address critical security updates : - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled Resolves: rhbz1072210 - backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-277...

CVSS 6.9, AI score 6.1, EPSS 0.03202
Exploits 10, References 6
OpenVAS
added 2015/10/13 12:0 a.m., 15 views

SUSE: Security Advisory for sudo (SUSE-SU-2014:0475-1)

The remote host is missing an update for the...

CVSS 6.6, AI score 5.1, EPSS 0.00338
Exploits 2, References 1
OpenVAS
added 2015/10/06 12:0 a.m., 16 views

Oracle: Security Advisory (ELSA-2014-0266)

The remote host is missing an update for the...

CVSS 6.6, AI score 3.8, EPSS 0.00338
Exploits 2, References 2
OpenVAS
added 2015/09/29 12:0 a.m., 23 views

Gentoo Security Advisory GLSA 201406-30

Gentoo Linux Local Security Checks GLSA 201406-30...

CVSS 6.6, AI score 5, EPSS 0.00338
Exploits 2, References 1
Debian
added 2015/02/27 8:8 p.m., 27 views

[SECURITY] [DLA 160-1] sudo security update

Package : sudo Version : 1.7.4p4-2.squeeze.5 CVE ID : CVE-2014-0106 CVE-2014-9680 Debian Bug : 772707 This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to...

CVSS 6.6, AI score 6.2, EPSS 0.0047
Exploits 3
OSV
added 2015/02/27 12:0 a.m., 27 views

DLA-160-1 sudo - security update

Bulletin has no description...

CVSS 6.6, AI score 4.4, EPSS 0.0047
Exploits 3
Tenable Nessus
added 2014/06/28 12:0 a.m., 24 views

GLSA-201406-30 : sudo: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201406-30 (sudo: Privilege escalation). When the Sudo env_reset option is disabled (it is enabled by default), certain environment variables are not blacklisted as expected. Impact : A local attacker, authorized to run commands using...

CVSS 6.6, AI score 6.1, EPSS 0.00338
Exploits 2, References 2
Tenable Nessus
added 2014/04/04 12:0 a.m., 28 views

SuSE 11.3 Security Update : sudo (SAT Patch Number 9044)

This collective update for sudo provides fixes for the following issues : - Security policy bypass when env_reset is disabled. CVE-2014-0106, bnc866503 - Regression in the previous update that causes a segmentation fault when running 'sudo -s'. bnc868444 - Command 'who -m' prints no output when...

CVSS 6.6, AI score 5.4, EPSS 0.00338
Exploits 2, References 5
securityvulns
added 2014/03/18 12:0 a.m., 51 views

[USN-2146-1] Sudo vulnerabilities

Ubuntu Security Notice USN-2146-1 March 13, 2014 sudo vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 6.6, AI score 0.5, EPSS 0.00338
Exploits 2
OpenVAS
added 2014/03/17 12:0 a.m., 26 views

Ubuntu: Security Advisory (USN-2146-1)

The remote host is missing an update for the...

CVSS 6.6, AI score 3.8, EPSS 0.00338
Exploits 2, References 3
Ubuntu
added 2014/03/13 2:16 p.m., 42 views

USN-2146-1: Sudo vulnerabilities

Sebastien Macke discovered that Sudo incorrectly filtered environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using environment variables that were intended to be blocked. In a default Ubuntu installation, the...

CVSS 6.6, AI score 5.5, EPSS 0.00338
Exploits 2, References 1
OpenVAS
added 2014/03/12 12:0 a.m., 17 views

RedHat Update for sudo RHSA-2014:0266-01

The remote host is missing an update for the...

CVSS 6.6, AI score 3.8, EPSS 0.00338
Exploits 2, References 2
OpenVAS
added 2014/03/12 12:0 a.m., 24 views

CentOS Update for sudo CESA-2014:0266 centos5

Check for the Version of sudo...

CVSS 6.6, AI score 4.3, EPSS 0.00338
Exploits 2, References 2
OSV
added 2014/03/11 7:37 p.m., 5 views

CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

AI score 3.6
Exploits 0, References 10
CVE
added 2014/03/11 3:0 p.m., 100 views

CVE-2014-0106

CVE-2014-0106 affects Sudo up to version 1.8.5 where env_reset is disabled, and env_delete checks fail to properly sanitize environment variables. This allows local users with sudo permissions to bypass intended command restrictions via crafted environment variables. The vulnerability is tied to ...

CVSS 6.6, AI score 3.8, EPSS 0.00338
Exploits 2, References 9, Affected Software 1
Tenable Nessus
added 2014/03/11 12:0 a.m., 34 views

CentOS 5 : sudo (CESA-2014:0266)

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.6, AI score 5.7, EPSS 0.00338
Exploits 2, References 2
Tenable Nessus
added 2014/03/11 12:0 a.m., 18 views

Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)

A flaw was found in the way sudo handled its blacklist of environment variables. When the 'env_reset' option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an...

CVSS 6.6, AI score 5.7, EPSS 0.00338
Exploits 2, References 2
Tenable Nessus
added 2014/03/11 12:0 a.m., 35 views

RHEL 5 : sudo (RHSA-2014:0266)

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.6, AI score 5.7, EPSS 0.00338
Exploits 2, References 3