4723 matches found
CVE-2024-43571
Technical details about CVE-2024-43571 are not publicly provided in the supplied documents. Monitor official advisories (MSRC/update guides) for affected products, impact, and fixes.
CVE-2024-43571 Sudo for Windows Spoofing Vulnerability
...
Sudo for Windows Spoofing Vulnerability
...
PT-2024-6788 · Unknown +1 · Sudo For Windows +1
Name of the Vulnerable Software and Affected Versions: Sudo for Windows (affected versions not specified). Description: The issue is related to a spoofing vulnerability in the system administration utility Sudo for Windows. It is caused by improper restriction of the communication channel for suppos...
Microsoft Sudo for Windows Security Vulnerability
Microsoft Sudo for Windows, from Microsoft Corporation (USA), is a new way for users to run elevated commands as administrators directly from an un-elevated console session on Windows. A security vulnerability exists in Microsoft Sudo for Windows. An attacker could exploit the vulnerability to perform...
systemd: privilege escalation via the less pager
A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to ...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28486]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters during logging operations CVE-2023-28486. Sudo Project Sudo is included as a Base OS package used...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28487]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters by the "sudoreplay -l" command CVE-2023-28487. Sudo Project Sudo is included as a Base OS package...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo [CVE-2023-42465]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo, caused by a fault injection flaw in the stack/register variables CVE-2023-42465. Sudo Project Sudo is included as a Base OS package used by our service...
PAM module may allow accessing with the credentials of another user
Authd PAM module up to version 0.3.4 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. This is possible using tools such as su, sudo or ssh and potentially others that, so far, do not...
Synology DiskStation Manager Sudo Off-by-one Error (CVE-2021-3156)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. This plugin only works with Tenable.ot. Please visit...
Advisory ROSA-SA-2024-2478
software: yajl 2.1.0; WASP: ROSA-CHROME; packageevrstring: yajl-2.1.0-2; CVE-ID: CVE-2023-33460; BDU-ID: 2023-07652; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...
Advisory ROSA-SA-2024-2477
software: squid 5.9; WASP: ROSA-CHROME; packageevrstring: squid-5.9-2; CVE-ID: CVE-2023-46724; BDU-ID: 2023-07699; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
EulerOS 2.0 SP8 : sudo (EulerOS-SA-2024-2493)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Sudo before 1.9.13 does not escape control characters in sudoreplay output. (CVE-2023-28487) Sudo before 1.9.13 does not escape control characters in lo...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-2493)
The remote host is missing an update for the Huawei EulerOS...
RHSA-2005:535 Red Hat Security Advisory: sudo security update
Bulletin has no description...
RHSA-2024:0811 Red Hat Security Advisory: sudo security update
Bulletin has no description...
RHSA-2023:0293 Red Hat Security Advisory: sudo security update
Bulletin has no description...
RHSA-2023:0291 Red Hat Security Advisory: sudo security update
Bulletin has no description...