4723 matches found
CVE-2024-45173
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo...
za-internet C-MOR Video Surveillance Security Vulnerability
za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which stems from improper privilege management of the sudo privilege...
CVE-2024-45173
The CVE-2024-45173 vulnerability affects za-internet C-MOR Video Surveillance (versions 5.2401 and 6.00PL01 per the various sources). It stems from improper privilege management of sudo privileges, allowing the web interface user (www-data) to execute certain OS commands as root without a root pa...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809 Exploiter Scripts Disclaimer This script is pr...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-2298)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for dmidecode (EulerOS-SA-2024-2263)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: IBM Storage Ceph is vulnerable to CWE in the RHEL UBI (CVE-2023-28487)
Summary: RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28487. Vulnerability Details: CVEID: CVE-2023-28487 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...
Clariti Manager – Privilege Escalation Through Sudo
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. The recommendation is to update an impacted device to firmware build 10.12.0.2100 or later. Customers will receive the latest build...
Advisory ROSA-SA-2024-2461
Software: grub2 2.06 OS: ROSA-CHROME packageevrstring: grub2-2.06-20 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grub_font_construct_glyph function of the Grub2 operating system loader is related to an operation exceeding buffer boundaries in memory...
Advisory ROSA-SA-2024-2460
Software: gnuplot 5.4.10 OS: ROSA-CHROME packageevrstring: gnuplot-5.4.10-1 CVE-ID: CVE-2020-25412 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: com_line in command.c in gnuplot causes writes outside the memory buffer from strncpy, which may lead to arbitrary code execution. CVE-STATUS: Fixed CVE-REV...
Advisory ROSA-SA-2024-2458
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29 CVE-ID: CVE-2022-43995 BDU-ID: 2022-06664 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the implementation of the crypt function of the Sudo system administration program is related to the ability to read outside of...
GHSA-Q623-2J2J-23JJ RaspAP allows an attacker to escalate privileges
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password...
RaspAP allows an attacker to escalate privileges
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password...
CVE-2024-41637
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password...
CVE-2024-41637
CVE-2024-41637 affects the RaspAP project prior to 3.1.5. According to provided sources, the issue arises because the www-data user has write access to the restapi.service file and also possesses sudo privileges to run several critical commands without a password, enabling privilege escalation to...
Photon OS 3.0: Sudo PHSA-2023-3.0-0627
An update of the sudo package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0627...