4723 matches found
Optergy Proton And Enterprise BMS 2.0.3a Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Optergy Proton and Enterprise BMS Command Injection using a backdoor', 'Description' = %q This module exploits an undocumented backdoor...
CBL Mariner 2.0 Security Update: sudo (CVE-2023-27320)
The version of sudo installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27320 advisory. - Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVE-2023-27320 Note that Nessus has...
CVE-2023-27320 affecting package sudo for versions less than 1.9.13p3-1
CVE-2023-27320 affecting package sudo for versions less than 1.9.13p3-1. An upgraded version of the package is available that resolves this issue...
Information Disclosure
sudo is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly escape control characters in the sudoreplay output of log messages, which allows an attacker to gain sensitive information...
Information Disclosure
sudo is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly escape control characters in log messages, which allows an attacker to gain sensitive information...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10019)
The version of AHV installed on the remote host is prior to 20220304.10019. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10019 advisory. - BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S...
Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2023-135)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-135 advisory. Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487 Tenable has...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.2.6)
The version of AOS installed on the remote host is prior to 6.5.2.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.2.6 advisory. - BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1, 9.16.8-S1 -...
USN-5908-1: Sudo vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this...
Sudo before 1.9.13 does not escape control characters in log messages.
...
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
...
Important: sudo
Issue Overview: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven...
Important: sudo
Issue Overview: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVE-2023-27320 Affected Packages: sudo Issue Correction: Run dnf update sudo --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-133 --releasever 2023.0.20230322 to update your system. More...
Medium: sudo
Issue Overview: Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487 Affected Packages: sudo Issue Correction: Run dnf update sudo --releasever 2023.0.20230322 or dnf update...
Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2023-106)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-106 advisory. Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be...
Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2023-133)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-133 advisory. Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVE-2023-27320 Tenable has extracted the preceding description block directly from the tested product security advisory. Note th...
CLSA-2023-1679349729 Fix CVE(s): CVE-2023-26604, CVE-2022-3821
SECURITY UPDATE: buffer overrun vulnerability in formattimespan - debian/patches/CVE-2022-3821.patch: fix buffer-over-run - CVE-2022-3821 SECURITY UPDATE: a local privilege escalation for some sudo configs was not blocked adequately - debian/patches/CVE-2023-26604.patch: use only less as a pager...
CBL Mariner 2.0 Security Update: sudo (CVE-2022-43995)
The version of sudo installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43995 advisory. - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c...
EulerOS 2.0 SP10 : sudo (EulerOS-SA-2023-1541)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR,...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1541)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...