Lucene search
K

90 matches found

Metasploit
Metasploit
added 2024/05/29 7:55 p.m.283 views

Progress Flowmon Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...

10CVSS8.4AI score0.93901EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.5 views

PT-2024-13349 · Teledyne Flir · Teledyne Flir M300

Name of the Vulnerable Software and Affected Versions: Teledyne FLIR M300 versions 2.00 through 2.00-19 Description: An issue was discovered in the web server of the affected software, allowing unauthenticated remote code execution. This can be exploited by sending a POST request to the vulnerabl...

9.8CVSS8.1AI score0.00882EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.18 views

RHEL 5 : sudo (RHSA-2019:4191)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:4191 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...

9CVSS7.6AI score0.63917EPSS
Exploits10References4
OSV
OSV
added 2024/02/08 3:6 p.m.42 views

GHSA-7C6P-848J-WH5H Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

Impact Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code...

8.8CVSS8.4AI score0.00273EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/16 2:36 p.m.30 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS7.3AI score0.00211EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/16 2:33 p.m.35 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS7.3AI score0.00211EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.17 views

EulerOS Virtualization 2.11.0 : dmidecode (EulerOS-SA-2023-2751)

According to the versions of the dmidecode package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of...

7.1CVSS6.3AI score0.00523EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/12/25 2:13 a.m.3 views

SUSE CVE-2023-7090

A flaw was found in sudo in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them...

8.8CVSS6.7AI score0.00687EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.22 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10055)

The version of AHV installed on the remote host is prior to 20220304.10055. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10055 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S...

8.8CVSS8.6AI score0.55367EPSS
Exploits26References6
Tenable Nessus
Tenable Nessus
added 2023/04/10 12:0 a.m.28 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.385)

The version of AHV installed on the remote host is prior to 20220304.385. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.385 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1...

8.8CVSS8.6AI score0.55367EPSS
Exploits26References6
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.175 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.2.6)

The version of AOS installed on the remote host is prior to 6.5.2.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.2.6 advisory. - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 -...

7.8CVSS7.1AI score0.55367EPSS
Exploits20References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

7.2CVSS7.1AI score0.00612EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.7 views

SUSE CVE-2007-3149

sudo, when linked with MIT Kerberos 5 krb5, does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5 environment variable settings. NOTE: another researcher...

7.2CVSS6.8AI score0.00363EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.5 views

SUSE CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

6.2CVSS9.3AI score0.00362EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/02/06 12:0 a.m.35 views

Amazon Linux AMI : sudo, sudo-devel (ALAS-2023-1682)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1682 advisory. In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append...

7.8CVSS8.2AI score0.55367EPSS
Exploits20References3
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.391 views

CentOS 7 : sudo (RHSA-2023:0291)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0291 advisory. - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and...

7.8CVSS8.2AI score0.55367EPSS
Exploits20References2
Talos
Talos
added 2022/12/20 12:0 a.m.41 views

OpenStack Kolla sudo privilege escalation vulnerability

Talos Vulnerability Report TALOS-2022-1589 OpenStack Kolla sudo privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38060 SUMMARY A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers...

8.8CVSS8.5AI score0.00211EPSS
Exploits0
Huntr
Huntr
added 2022/07/22 6:42 p.m.467 views

Privilege Escalation admin user to root user

Description "admin" user has sudo rights and can gain root access. By default sudo installation "admin" group has root rights. "admin" user created by hestia installation and this user is also in "admin" group. if the attackers access "admin" user, can gain root access. Proof of Concept...

5.8CVSS0.8AI score0.01035EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/11/02 12:0 a.m.21 views

EulerOS 2.0 SP8 : sssd (EulerOS-SA-2021-2646)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...

9.3CVSS6.7AI score0.02524EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.32 views

OracleVM 3.4 : sudo (OVMSA-2021-0012)

The remote OracleVM system is missing necessary patches to address security updates: - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single...

7.8CVSS7.6AI score0.99295EPSS
Exploits81References3
Rows per page
Query Builder