4723 matches found
Solarwinds LEM 6.3.1 Sudo Privilege Escalation Vulnerability
Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1. Solarwinds LEM Privilege Escalation via Controlled Sudo Path Title: Solarwinds LEM...
Code injection
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
DEBIAN-CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
CVE-2014-9680 : sudo before 1.8.12 fails to sanitize the TZ environment variable, allowing a local attacker to bypass restrictions and potentially cause a denial of service or read/open unauthorized files via a sudo session. Connected advisories/docs corroborate local-execution impact and recomme...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact: Privileged Access Attack vector: SSH 2. Vulnerability Description An...
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path Title: Solarwinds LEM Privilege Escalation via Controlled Sudo Path Advisory ID: KL-001-2017-005 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-005.txt 1...
Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment Impact: Privileged Access...
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse Advisory ID: KL-001-2017-006 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt 1. Vulnerabili...
The vulnerability of the Mac OS X operating system, which allows a hacker to increase their privileges
The vulnerability of the sudo component in the Mac OS X operating system is related to improper handling of permissions. Exploiting this vulnerability allows a malicious actor to increase their privileges by using administrative group membership on the network server...
CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
Command injection
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
UBUNTU-CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
DEBIAN-CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...
CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...