Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation
KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump Advisory ID: KL-001-2023-002 Publication Date: 2023.08.17 Publication URL:...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig Advisory ID: KL-001-2023-001 Publication Date: 2023.08.17 Publication URL:...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component CVE ID:...
VulnCheck KEV: CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component CVE ID:...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component, CWE-1220:...
CVE-2023-20217
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker cou...
Advisory ROSA-SA-2023-2216
software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the mod_authz_svn module of the Subversion centralized version control system is related to incorrect handling of reques...
Local File Inclusion (LFI)
dmidecode is vulnerable to local file inclusion (LFI) attacks. The vulnerability exists because the library enables --dump-bin to overwrite a local file, which allows execution of Dmidecode via Sudo...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809 CVE-2023-22809 is a critical vulnerability...
Moderate Photon OS Security Update - PHSA-2023-4.0-0446
Updates of 'sudo' packages of Photon OS have been released...
Moderate Photon OS Security Update - PHSA-2023-3.0-0627
Updates of 'sudo' packages of Photon OS have been released...
EulerOS Virtualization 2.10.0 : dmidecode (EulerOS-SA-2023-2557)
According to the versions of the dmidecode package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Dmidecode before 3.5 allows --dump-bin to overwrite a local file. This has security relevance because, for example, execution of...
Advisory ROSA-SA-2023-2208
software: kernel-6.1 6.1.38 OS: ROSA-CHROME packageevrstring: kernel-6.1.1-generic-6.1.38-1.src.rpm CVE-ID: CVE-2023-38431 BDU-ID: 2023-03952 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ksmbd_conn_handler_loop function in the fs/smb/server/connection.c module of the KSMBD file system of the...
Huawei EulerOS: Security Advisory for dmidecode (EulerOS-SA-2023-2511)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2494)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2469)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2022-38060
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...
EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2023-2495)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers...
EulerOS Virtualization 2.10.1 : systemd (EulerOS-SA-2023-2470)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers...