Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4723 matches found

OSV
OSVadded 2018/08/10 7:29 p.m.2 views

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

8.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelistadded 2018/08/10 7:0 p.m.34 views

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

8.8AI score0.03603EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linuxadded 2018/08/10 3:11 a.m.62 views

Security update for sssd (moderate)

This update for sssd fixes the following security issue: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377. This update was imported from the SUSE:SLE-15:Update update project...

3.6AI score0.01519EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2018/08/10 12:0 a.m.29 views

openSUSE Security Update : sssd (openSUSE-2018-847)

This update for sssd fixes the following security issue : - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenabl...

7.5CVSS6.5AI score0.01519EPSS
Exploits0References3
OSV
OSVadded 2018/07/30 4:11 p.m.5 views

SUSE-SU-2018:2144-1 Security update for sssd

This update for sssd fixes the following security issue: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377...

7.5CVSS7.5AI score0.01519EPSS
Exploits0References4
exploitpack
exploitpackadded 2018/07/27 12:0 a.m.58 views

SoftNAS Cloud 4.0.3 - OS Command Injection

SoftNAS Cloud 4.0.3 - OS Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL:...

10CVSS0.89575EPSS
Exploits5
OpenVAS
OpenVASadded 2018/07/16 12:0 a.m.27 views

Debian: Security Advisory (DLA-1429-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01519EPSS
Exploits0References3
Veeam
Veeamadded 2018/07/02 12:0 a.m.48 views

Granular sudo Permissions for Management of Veeam Agent for Linux Deployments

More Secure Alternative Starting in Veeam Backup & Replication v12.1, it is now possible to deploy Veeam Agent for Linux using pre-installed Veeam Deployer Service and add that machine to a Protection Group using certificate-based authentication instead of credentials. Using this method, no...

7.1AI score
Exploits0Affected Software2
Exploit DB
Exploit DBadded 2018/07/02 12:0 a.m.87 views

Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Chained Remote Code Execution', 'Description' = %q This module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to ga...

7.4AI score
Exploits0
CNVD
CNVDadded 2018/06/28 12:0 a.m.1 views

SSSD Information Disclosure Vulnerability

SSSD is a daemon for managing access to remote directories and authentication mechanisms. A security vulnerability exists in SSSD that stems from the program's failure to restrict the privileges of the UNIX pipe. An attacker can exploit the vulnerability by sending a message to read sudo rules...

7.5CVSS6.3AI score0.01519EPSS
Exploits0References1
OSV
OSVadded 2018/06/26 2:29 p.m.5 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

7.5CVSS7.3AI score0.01519EPSS
Exploits0References4
OSV
OSVadded 2018/06/26 2:29 p.m.2 views

DEBIAN-CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

7.5CVSS6.1AI score0.01519EPSS
Exploits0References1
NVD
NVDadded 2018/06/26 2:29 p.m.17 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

7.5CVSS5.5AI score0.01519EPSS
Exploits0References4
Prion
Prionadded 2018/06/26 2:29 p.m.18 views

Code injection

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

5CVSS7.3AI score0.01519EPSS
Exploits0References4Affected Software5
UbuntuCve
UbuntuCveadded 2018/06/26 2:29 p.m.22 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

7.5CVSS6.8AI score0.01519EPSS
Exploits0References3
OSV
OSVadded 2018/06/26 2:29 p.m.1 views

UBUNTU-CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

7.5CVSS6.7AI score0.01519EPSS
Exploits0References4
Cvelist
Cvelistadded 2018/06/26 2:0 p.m.15 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

3.8CVSS6.1AI score0.01519EPSS
Exploits0References4
CVE
CVEadded 2018/06/26 2:0 p.m.422 views

CVE-2018-10852

CVE-2018-10852 describes an information-leak vulnerability in the sssd-sudo responder. The UNIX pipe used by sudo to contact SSSD and read available sudo rules from SSSD has overly broad permissions, allowing a user who can communicate over the same raw protocol to read the sudo rules for any use...

7.5CVSS6AI score0.01519EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVEadded 2018/06/26 2:0 p.m.18 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD befor...

7.5CVSS6AI score0.01519EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2018/06/26 3:18 a.m.32 views

CVE-2018-10852

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user...

7.5CVSS0.8AI score0.01519EPSS
Exploits0References2
Rows per page
Query Builder