4723 matches found
A vulnerability in the Sudo system administration program in the Zimbra Collaboration Suite email management system allows an attacker to escalate privileges.
The vulnerability in the Sudo system administration program in the Zimbra Collaboration Suite email management system is related to deficiencies in access control when processing the NGINX binary. Exploiting this vulnerability can allow attackers to escalate their privileges by loading...
CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks
Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...
CVE-2022-41347
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...
Default configuration
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...
CVE-2022-41347
CVE-2022-41347 affects Zimbra Collaboration Suite (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The issue arises from a sudo configuration that allows the zimbra user to execute the NGINX binary as root with arbitrary parameters. Since NGINX can load a user-defined configuration file that loads plugins as ...
PT-2022-24838 · Mist · Mist
Name of the Vulnerable Software and Affected Versions: Mist versions prior to 0.9.5. Description: Mist is the command-line interface for the makedeb Package Repository. A user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root...
Apple Mac OS X Security Update (HT212177, Baron Samedit)
Apple Mac OS X is prone to a heap-based buffer overflow vulnerability in sudo dubbed...
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Hitachi Energy; Equipment: TXpert Hub CoreTec 4; Vulnerability: Off-by-one Error. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...
OESA-2022-1904 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Protobuf-c v1.4.0 was discovered to contain an invalid...
CVE-2022-40297
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...
Design/Logic Flaw
DISPUTED UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as...
CVE-2022-40297
UBports Ubuntu Touch 16.04 is affected by CVE-2022-40297 where the screen-unlock 4-digit passcode is usable as the sudo password, enabling privilege escalation to a privileged shell. The root cause described across sources is that a four-digit screen unlock code can be exploited to gain root via ...
OESA-2022-1892 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: zlib through 1.2.12 has a heap-based buffer over-read or buff...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)
The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory. - Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regul...