4723 matches found
Traceroute 2.1.2 Privilege Escalation
Description: In Traceroute 2.0.12 through 2.1.2 (fixed in 2.1.3), the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts are: tcptraceroute, tracepath, traceproto and traceroute-nanog...
CVE-2023-42465 affecting package sudo for versions less than 1.9.15p5-1
CVE-2023-42465 affecting package sudo for versions less than 1.9.15p5-1. An upgraded version of the package is available that resolves this issue...
Ansible Playbook Error Message File Reader
This module will read the first line of a file based on an error message from ansible-playbook with sudo privileges. ansible-playbook takes a yaml file as input, and if there is an error, such as a non-yaml file, it outputs the line where the error occurs. This can be exploited to read the first...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update
An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Important Photon OS Security Update - PHSA-2024-3.0-0713
Updates of 'linux-aws', 'linux-rt', 'linux-esx', 'linux-secure', 'nss', 'sudo', 'linux' packages of Photon OS have been released...
EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-2712)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo before 1.9.13 does not escape control characters in...
EulerOS Virtualization 3.0.6.6 : dmidecode (EulerOS-SA-2023-3396)
According to the versions of the dmidecode package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of...
EulerOS Virtualization 2.11.0 : sudo (EulerOS-SA-2023-2775)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo before 1.9.13 does not escape control...
EulerOS Virtualization 2.11.1 : sudo (EulerOS-SA-2023-2744)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo before 1.9.13 does not escape control...
EulerOS Virtualization 2.11.0 : dmidecode (EulerOS-SA-2023-2751)
According to the versions of the dmidecode package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of...
EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-2670)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo before 1.9.13 does not escape control characters in...
OESA-2024-1071 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.15 might allow row hammer attacks for...
CVE-2023-44120
A vulnerability has been identified in Spectrum Power 7 All versions V23Q4. The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access...
Advisory ROSA-SA-2024-2321
software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...
Medium: dmidecode
Issue Overview: Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630 Affected Packages: dmidecode Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...
Important Photon OS Security Update - PHSA-2024-4.0-0539
Updates of 'sudo', 'openresty' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2024-5.0-0185
Updates of 'squid', 'sudo', 'openresty' packages of Photon OS have been released...
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value) and because the values do not resist flips of a single bit.
...