4723 matches found
CVE-2020-11069
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...
Cross site request forgery (csrf)
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...
GHSA-PQG8-CRX9-G8M4 Backend Same-Site Request Forgery in TYPO3 CMS
Meta: CVSS v3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C; CWE-352, CWE-346. Problem: It has been discovered that the backend user interface and install tool are vulnerable to same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker...
Backend Same-Site Request Forgery in TYPO3 CMS
Meta: CVSS v3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C; CWE-352, CWE-346. Problem: It has been discovered that the backend user interface and install tool are vulnerable to same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker...
CVE-2020-11069 Cross-Site Request Forgery in TYPO3 CMS
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...
CVE-2020-11108
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges t...
EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1564)
According to the versions of the sudo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used ...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1564)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) ...
sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it, for example via the "ALL" alias. This could allow sudo to impersonate a non-existent account and, depending on how applications are configured, could lead to certain restricti...
Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
sudo: an account disabled with a "!" in the shadow file instead of a password hash can still be used as the target of a Runas ALL sudoer account
When an account is disabled via the shadow file by replacing the password hash with "!", it is not considered disabled by sudo. Depending on the configuration, sudo can therefore be run using such a disabled account...
PT-2021-1695
Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.5p2; Sudo versions 1.8.2 through 1.8.31p2; Sudo versions 1.9.0 through 1.9.5p1. Description: The issue is related to a heap-based buffer overflow in the sudo utility, which can be exploited to escalate privileges to root...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1435)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) ...
EulerOS 2.0 SP3 : sudo (EulerOS-SA-2020-1435)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric ui...
Privilege Escalation
sudo is vulnerable to privilege escalation. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified...
Arbitrary Code Execution
sudo is vulnerable to arbitrary code execution. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. This ability introduced a regression in the upstream fix for...
Privilege Escalation
The sudo (superuser do) utility is vulnerable to privilege escalation. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user an...
Privilege Escalation
Pluggable Authentication Modules (PAM) is vulnerable to privilege escalation. The attack exists because pam_namespace.c in the pam_namespace module in Linux-PAM uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to...
Arbitrary Code Execution
sudo is vulnerable to arbitrary code execution. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set ...
Privilege Escalation
The sudo (superuser do) utility is vulnerable to privilege escalation. sudo did not properly initialize supplementary groups when the "runas_default" option in the sudoers file was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specifie...
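Several of the sudo entries above share one root cause: a sudoers rule whose Runas target is broader than the administrator intended. Runas ALL accepts unknown numeric uids and gids (the "impersonate a nonexistent user" and "unknown user or group ids" entries), a shadow-locked account is still a valid Runas target because sudo does not treat "!" as disabled, a group-only Runas spec is where the missing password prompt applied, and runas_default is where supplementary groups were not initialized. The script below is an added example, not code from any advisory, vendor, or the sudo project: it audits sudoers text and shadow entries for those four patterns. The sudoers and shadow samples are constructed for the demonstration, the hashes are placeholders, and the finding kinds (`runas_all`, `locked_target`, `group_only`, `runas_default`) are names chosen here.

```python
"""Audit sudoers rules against the sudo weaknesses listed above (added example)."""
import re
from dataclasses import dataclass

# Constructed sample sudoers content; not taken from any real host.
SAMPLE_SUDOERS = """\
Defaults    env_reset
Defaults    runas_default = www-data
root        ALL=(ALL:ALL) ALL
# deploy may run vim as any user except root: this is still a Runas ALL rule
deploy      ALL=(ALL, !root) /usr/bin/vim
backup      ALL=(:backup) NOPASSWD: /usr/bin/rsync
auditor     ALL=(:adm) /usr/bin/journalctl
www-data    ALL=(root) NOPASSWD: /usr/local/bin/pihole
alice       ALL=(bob) /bin/ls
"""

# Constructed sample shadow entries with placeholder hashes; a "!" in the
# hash field marks an account that is locked for login.
SAMPLE_SHADOW = """\
root:$6$saltsalt$Qm9ndXNIYXNoRm9yRXhhbXBsZU9ubHk:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
svc:!$6$saltsalt$Qm9ndXNIYXNoRm9yRXhhbXBsZU9ubHk:19000:0:99999:7:::
alice:$6$saltsalt$QW5vdGhlckJvZ3VzSGFzaEZvckV4YW1wbGU:19000:0:99999:7:::
"""

# user  host=(runas_users:runas_groups) [tags] command
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmd>.+)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # runas_all | locked_target | group_only | runas_default (names chosen here)
    line: int    # 1-based line in the sudoers text
    detail: str


def locked_accounts(shadow_text: str) -> set:
    """Accounts whose shadow hash field starts with '!' (or is '*'): locked for
    login, but not treated as disabled by sudo."""
    locked = set()
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, hash_field = line.split(":", 2)[:2]
        if hash_field.startswith("!") or hash_field == "*":
            locked.add(name)
    return locked


def _split_list(spec: str) -> list:
    return [item.strip() for item in spec.split(",") if item.strip()]


def audit_sudoers(sudoers_text: str, shadow_text: str) -> list:
    locked = locked_accounts(shadow_text)
    findings = []
    for n, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            if re.search(r"\brunas_default\b", line):
                findings.append(Finding("runas_default", n,
                    "runas_default is overridden; affected sudo versions did not "
                    "initialize supplementary groups for that account"))
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        who, runas, cmd = m.group("who"), m.group("runas"), m.group("cmd")
        if runas is None:
            continue  # no Runas spec: target is runas_default (root unless overridden)
        users_spec, _, groups_spec = runas.partition(":")
        runas_users, runas_groups = _split_list(users_spec), _split_list(groups_spec)

        if "ALL" in runas_users or "ALL" in runas_groups:
            findings.append(Finding("runas_all", n,
                f"{who}: Runas ALL accepts unknown numeric uids/gids, so a nonexistent "
                "user or group can be impersonated on sudo through 1.8.29"))

        # Locked accounts that this rule can reach as Runas targets.
        if "ALL" in runas_users:
            reachable = sorted(locked)
        else:
            reachable = sorted(u for u in runas_users
                               if not u.startswith("!") and u in locked)
        if reachable:
            findings.append(Finding("locked_target", n,
                f"{who} can run as {', '.join(reachable)}: locked in shadow ('!' hash) "
                "but sudo does not consider such accounts disabled"))

        if not runas_users and runas_groups:
            note = " (NOPASSWD is explicit here)" if "NOPASSWD:" in cmd else ""
            findings.append(Finding("group_only", n,
                f"{who}: group-only Runas spec (:{', '.join(runas_groups)}); affected "
                f"sudo versions skipped the password prompt when only the gid changes{note}"))
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS, SAMPLE_SHADOW):
        print(f"line {f.line:2d} [{f.kind}] {f.detail}")
```

On a real host, feed it the output of `cat /etc/sudoers /etc/sudoers.d/*` and `/etc/shadow` (both need root to read); the parser is deliberately narrow and does not expand User_Alias, Runas_Alias, or Cmnd_Alias definitions, so a rule that reaches ALL through an alias is not caught and should be checked by hand with `sudo -l -U <user>`.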