
89 matches found

OSV
added last week, 3 views

RLSA-2026:19067 Important: sudo security update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: Sudo: Privilege escalation due to failu...

CVSS 7.4, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 4 views

TencentOS Server 2: sudo (TSSA-2026:0298)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0298 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 7.8, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/25 12:0 a.m., 2 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-35535)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-35535 advisory. - In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call,...

CVSS 7.8, AI score 5.4, EPSS 0.00006
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/11 12:0 a.m., 1 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-35535)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-35535 advisory. - In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call,...

CVSS 7.8, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 1

UbuntuCve
added 2026/04/03 3:16 a.m., 2 views

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

CVSS 7.4, AI score 5.9, EPSS 0.00006
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-7398

Malicious code in bioql PyPI...

CVSS 4.7, AI score 6.6, EPSS 0.00086
Exploits: 0, References: 1

GithubExploit
added 2025/08/27 7:59 a.m., 120 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 chwoot English document https://github.com/Yu...

CVSS 9.3, AI score 7.1, EPSS 0.57345
Exploits: 69

Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103068)

The version of AHV installed on the remote host is prior to 20230302.103068. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103068 advisory. - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17,...

CVSS 9.4, AI score 7.7, EPSS 0.30014
Exploits: 27, References: 10

GithubExploit
added 2025/08/08 8:0 p.m., 185 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 Exploit Tool This repository contains a Go-bas...

CVSS 9.3, AI score 8.7, EPSS 0.57345
Exploits: 69

RedHat Linux
added 2025/08/07 6:2 p.m., 2 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.79 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.79 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

CVSS 8.8, AI score 7, EPSS 0.30014
Exploits: 12, References: 3

RedHat Linux
added 2025/07/22 2:28 p.m., 2 views

sudo: LPE via host option

A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...

CVSS 8.8, AI score 7.2, EPSS 0.30014
Exploits: 12, References: 6

RedHat Linux
added 2025/07/07 6:20 p.m., 1 views

sudo: LPE via host option

A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...

CVSS 8.8, AI score 7.2, EPSS 0.30014
Exploits: 12, References: 6

OSV
added 2025/06/30 9:15 p.m., 0 views

DEBIAN-CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option...

CVSS 7.8, AI score 7.4, EPSS 0.57345
Exploits: 69, References: 1

RedhatCVE
added 2025/05/23 8:56 a.m., 3 views

CVE-2024-29967

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to...

CVSS 6, AI score 6.6, EPSS 0.00084
Exploits: 0, References: 1

Cvelist
added 2025/05/12 2:54 p.m., 15 views

CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...

CVSS 3.3, EPSS 0.00098
Exploits: 1, References: 2

NVD
added 2025/03/04 4:15 p.m., 4 views

CVE-2025-1425

A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device. This issue affects InkPad Color 3: U743k3.6.8.3671...

CVSS 4.7, EPSS 0.00086
Exploits: 0, References: 1

CVE
added 2025/03/04 3:24 p.m., 51 views

CVE-2025-1425

The CVE-2025-1425 case concerns a sudo privilege misconfiguration in PocketBook InkPad Color 3 (Linux, ARM; affected build U743k3.6.8.3671). The issue enables an attacker to read file contents on the device due to improper sudo permissions. Documented impacts are confined to confidentiality expos...

CVSS 4.7, AI score 6.5, EPSS 0.00086
Exploits: 0, References: 1

Vulnrichment
added 2025/03/04 3:24 p.m., 14 views

CVE-2025-1425 File Read Through Improper Sudo Privilege Management

A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device. This issue affects InkPad Color 3: U743k3.6.8.3671...

CVSS 4.7, AI score 6.5, EPSS 0.00086
Exploits: 0, References: 1

CNNVD
added 2024/09/05 12:0 a.m., 1 views

za-internet C-MOR Video Surveillance Security Vulnerability

za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which stems from improper privilege management of the sudo privilege...

CVSS 8.8, AI score 6.8, EPSS 0.00299
Exploits: 2, References: 3

Metasploit
added 2024/05/29 7:55 p.m., 196 views

Progress Flowmon Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...

CVSS 10, AI score 8.4, EPSS 0.94353
Exploits: 7