4723 matches found
Mac OS X libxpc MITM Privilege Escalation
This module exploits a vulnerability in libxpc on macOS <= 10.13.3. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with...
sssd security, bug fix, and enhancement update
1.16.2-13 - Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing; 1.16.2-12 - Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA...
sssd: information leak from the sssd-sudo responder
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user...
openSUSE: Security Advisory for sssd (openSUSE-SU-2018:2289-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Unspecified Vulnerability in Oracle Sun Systems Products Suite Solaris (CNVD-2019-30952)
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is one of the computer operating system components. A security vulnerability exists in the Sudo subcomponent of the Solaris component of the Oracle Sun Systems Products Suite, version...
Oracle Solaris Critical Patch Update : oct2018_SRU11_4_0_0_0
This Solaris system is missing necessary patches to address critical security updates: - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Remote Administration Daemon RAD. The supported version that is affected is 11.3. Easily exploitable vulnerability...
CVE-2018-3263
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Sudo. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks o...
Code injection
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Sudo. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks o...
CVE-2018-3263
CVE-2018-3263 affects Oracle Solaris 11.3 (Solaris component, subcomponent: Sudo). The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read, modify, or delete certain Solaris data and possibly cause a partial denial of service. CVSSv3 base score 5.6 ...
Updated sssd packages fix security vulnerability
Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SS...
MGASA-2018-0350 Updated sssd packages fix security vulnerability
Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SS...
CVE-2018-15359
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
Default configuration
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15359
The CVE affects Eltex ESP-200 firmware version 1.2.0. An authenticated attacker with low privileges can exploit an insecure sudo configuration to expand the attack surface. The issue is tied to how sudo is configured on the device, enabling elevated access or broader control than intended. Offici...
PT-2018-12993 · Eltex · Eltex Esp-200 +1
Name of the Vulnerable Software and Affected Versions: Eltex ESP-200 firmware version 1.2.0 Description: The issue allows an authenticated attacker with low privileges to expand the attack surface due to an insecure sudo configuration. Recommendations: For Eltex ESP-200 firmware version 1.2.0,...
Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)
An update of zlib, bindutils, ruby, krb5, sudo packages for PhotonOS has been released. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0021. The text itself is copyright (C)...