CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

Design/Logic Flaw

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

PT-2021-23732 · Kaseya +1 · Kaseya Unitrends Backup Appliance +1

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the software where the apache user could read arbitrary files, such as /etc/shadow, by abusing an insecure Sudo rule. Recommendations: For...

CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

Johnson Controls CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Exploit for Off-by-one Error in Sudo_Project Sudo

Based on the provided context and code, here is a summary of the analysis: Classification: Exploit module/toolkit targeting a vulnerability in a specific product/service framework. Primary vulnerability: CVE-2021-3156, a heap-based buffer overflow in sudo. Target product/service: sudo, a Unix...

VulnCheck KEV: CVE-2016-3643

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

SolarWinds Virtualization Manager Privilege Escalation Vulnerability

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

sudo bug fix and enhancement update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Bug Fixes and Enhancements: Request to backport...

sudo bug fix and enhancement update

An update is available for sudo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sudo packages contain the sudo utility which allows system administrators to...

EulerOS 2.0 SP8 : sssd (EulerOS-SA-2021-2646)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

Code injection

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Multiple Vulnerabilities (NS-SA-2021-0101)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers fil...

NewStart CGSL MAIN 6.02 : sudo Multiple Vulnerabilities (NS-SA-2021-0120)

The remote NewStart CGSL host, running version MAIN 6.02, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers file during...

NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Vulnerability (NS-SA-2021-0178)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sudo packages installed that are affected by a vulnerability: - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and...

PT-2021-7417 · Zimbra +1 · Zimbra Collaboration +1

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.x through 9.x Description: An issue was discovered in Zimbra Collaboration, related to the Sudo configuration, which permits the zimbra user to execute the NGINX binary as root with arbitrary parameters...

CLSA-2021-1634925704 Fixed CVE-2021-23240 in sudo

sudo-1.8.6p3-CVE-2021-23240-2.patch: fixed issue with credentials management in sudoedit - sudo-1.8.6p3-CVE-2021-23240-3.patch: fixed issue with origin file removal in sesh...