4721 matches found

OpenVAS
added 2025/09/10 12:0 a.m., 3 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2025-2060)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 6.7 | EPSS 0.30014
Exploits 12 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

EulerOS 2.0 SP12 : sudo (EulerOS-SA-2025-2029)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...

CVSS 8.8 | AI score 7 | EPSS 0.30014
Exploits 12 | References 2
OpenVAS
added 2025/09/10 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2025-2029)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 6.7 | EPSS 0.30014
Exploits 12 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

EulerOS 2.0 SP10 : sudo (EulerOS-SA-2025-2088)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...

CVSS 8.8 | AI score 7 | EPSS 0.30014
Exploits 12 | References 2
Rosalinux
added 2025/09/09 10:25 a.m., 3 views

Advisory ROSA-SA-2025-2973

software: sudo 1.9.17p1 WASP: ROSA-CHROME unaffected versions = sudo-1.9.17p1-1 affected versions sudo-1.9.17p1-1 CVE-ID: CVE-2025-32462 BDU-ID: 2025-08356 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Sudo system administration program is related to a flaw in the authorization mechanism...

CVSS 9.3 | AI score 8.6 | EPSS 0.57345
Exploits 76
IBM Security Bulletins
added 2025/09/09 7:28 a.m., 12 views

Security Bulletin: Vulnerability in sudo library (CVE-2025-32462) affects Power HMC.

Summary The sudo library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32462 DESCRIPTION: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows liste...

CVSS 8.8 | AI score 7 | EPSS 0.30014
Exploits 12 | Affected Software 1
Gitee
added 2025/09/06 2:53 p.m., 79 views

sudo_inject

Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...

AI score 7.6
Exploits 0
Gitee
added 2025/09/06 12:46 a.m., 77 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit by Qualys. The exploit is written in C and uses a heap overflow technique to gain elevated privileges. The exploit is designed to be run on a system with the vulnerable sudo version installed. The usage of the...

CVSS 7.8 | AI score 7.9 | EPSS 0.92579
Exploits 81
Rapid7 Blog
added 2025/09/05 7:9 p.m., 8 views

Metasploit Weekly Wrap-Up 09/05/2025

Persistence Improvements and Exploits This week, the Metasploit team and the community have made improvements to some persistence modules such as Bash, which improves how they function behind the scenes. They have also been tagged with MITRE ATT&CK techniques. A new exploit has also been added thi...

CVSS 9.8 | AI score 9.5 | EPSS 0.9366
Exploits 118
OSV
added 2025/09/05 5:10 p.m., 2 views

MAL-2025-46752 Malicious code in yaml-assert-upsilon-sudo-small (npm)

The package yaml-assert-upsilon-sudo-small was found to contain malicious code...

AI score 7
Exploits 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 3 views

Malicious code in yaml-assert-upsilon-sudo-small (npm)

The package yaml-assert-upsilon-sudo-small was found to contain malicious code...

AI score 7
Exploits 0
Zero Science Lab
added 2025/09/05 12:0 a.m., 162 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVSS 9.3 | AI score 5.9 | EPSS 0.01902
Exploits 2
Metasploit
added 2025/09/04 6:56 p.m., 641 views

Sudo Chroot 1.9.17 Privilege Escalation

Sudo before version 1.19.17p1 allows user to use chroot option, when executing command. The option is intended to run a command with user-selected root directory if sudoers file allow it. Change in version 1.9.14 allows resolving paths via chroot using user-specified root directory when sudoers i...

AI score 5.6
Exploits 0
GithubExploit
added 2025/09/03 12:3 a.m., 152 views

Project-Frame-Jacking-The-Gallery-Heist

Executive Summary A comprehensive penetration test was conduc...

AI score 9.4
Exploits 0
Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-46717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine...

CVSS 3.3 | AI score 5.8 | EPSS 0.0007
Exploits 1 | References 2
Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-46718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single...

CVSS 3.3 | AI score 6.1 | EPSS 0.00098
Exploits 1 | References 2
GithubExploit
added 2025/08/27 7:59 a.m., 121 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463chwoot English document https://github.com/Yu...

CVSS 9.3 | AI score 7.1 | EPSS 0.57345
Exploits 69
Tenable Nessus
added 2025/08/27 12:0 a.m., 7 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.3)

The version of AHV installed on the remote host is prior to AHV-10.0.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.3 advisory. - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting application...

CVSS 9.8 | AI score 8.1 | EPSS 0.30014
Exploits 37 | References 22
Tenable Nessus
added 2025/08/27 12:0 a.m., 7 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.0.5)

The version of AOS installed on the remote host is prior to 7.3.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.0.5 advisory. - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer...

CVSS 9.4 | AI score 7.8 | EPSS 0.30014
Exploits 28 | References 14
Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103068)

The version of AHV installed on the remote host is prior to 20230302.103068. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103068 advisory. - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17,...

CVSS 9.4 | AI score 7.7 | EPSS 0.30014
Exploits 27 | References 10