Lucene search
4730 matches found

ATTACKERKB
added 2022/09/09 12:15 a.m. | 4 views

CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...

CVSS 7.8 | AI score 7 | EPSS 0.00453
Exploits: 2 | References: 2

NVD
added 2022/09/09 12:15 a.m. | 13 views

CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...

CVSS 7.8 | EPSS 0.00453
Exploits: 2 | References: 1

Prion
added 2022/09/09 12:15 a.m. | 19 views

Design/Logic Flaw

DISPUTED UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as...

CVSS 4.3 | AI score 7.5 | EPSS 0.00453
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2022/09/08 11:38 p.m. | 84 views

CVE-2022-40297

UBports Ubuntu Touch 16.04 is affected by CVE-2022-40297 where the screen-unlock 4-digit passcode is usable as the sudo password, enabling privilege escalation to a privileged shell. The root cause described across sources is that a four-digit screen unlock code can be exploited to gain root via ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00453
Exploits: 2 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/09/08 11:38 p.m. | 15 views

CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...

AI score 7 | EPSS 0.00453
Exploits: 2 | References: 1

OSV
added 2022/09/07 11:4 a.m. | 3 views

OESA-2022-1892 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: zlib through 1.2.12 has a heap-based buffer over-read or buff...

CVSS 9.8 | AI score 8.3 | EPSS 0.1593
Exploits: 1 | References: 2

Tenable Nessus
added 2022/09/01 12:0 a.m. | 250 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.3)

The version of AOS installed on the remote host is prior to 5.11.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.3 advisory. - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver...

CVSS 10 | AI score 8 | EPSS 0.96823
Exploits: 45 | References: 77

Tenable Nessus
added 2022/09/01 12:0 a.m. | 234 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.2.1)

The version of AOS installed on the remote host is prior to 5.11.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.2.1 advisory. - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and...

CVSS 9 | AI score 6.9 | EPSS 0.63917
Exploits: 10 | References: 21

Tenable Nessus
added 2022/09/01 12:0 a.m. | 48 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)

The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory. - Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regul...

CVSS 8.6 | AI score 7.5 | EPSS 0.99295
Exploits: 83 | References: 11

Tenable Nessus
added 2022/09/01 12:0 a.m. | 48 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.2)

The version of AOS installed on the remote host is prior to 5.19.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.2 advisory. - Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular...

CVSS 8.6 | AI score 7.5 | EPSS 0.99295
Exploits: 102 | References: 29

Tenable Nessus
added 2022/09/01 12:0 a.m. | 40 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.6)

The version of AOS installed on the remote host is prior to 5.15.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.6 advisory. - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and...

CVSS 9.8 | AI score 7.5 | EPSS 0.99295
Exploits: 112 | References: 48

Metasploit
added 2022/08/29 6:2 p.m. | 216 views

Zimbra zmslapd arbitrary module load

This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes...

CVSS 7.8 | AI score 8.5 | EPSS 0.01683
Exploits: 4

OpenVAS
added 2022/08/26 12:0 a.m. | 13 views

Ubuntu: Security Advisory (USN-4705-2)

The remote host is missing an update for the...

CVSS 7.8 | AI score 8.5 | EPSS 0.99295
Exploits: 81 | References: 4

OpenVAS
added 2022/08/26 12:0 a.m. | 22 views

Ubuntu: Security Advisory (USN-4263-2)

The remote host is missing an update for the...

CVSS 7.8 | AI score 8 | EPSS 0.19426
Exploits: 13 | References: 2

OpenVAS
added 2022/08/26 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-28-1)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 3

OpenVAS
added 2022/08/26 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-3968-2)

The remote host is missing an update for the...

CVSS 8.2 | AI score 8.2 | EPSS 0.00573
Exploits: 0 | References: 2

OSV
added 2022/08/16 8:15 p.m. | 32 views

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

CVSS 7.8 | AI score 7 | EPSS 0.01683
Exploits: 4 | References: 3

NVD
added 2022/08/16 8:15 p.m. | 19 views

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

CVSS 7.8 | EPSS 0.01683
Exploits: 4 | References: 3

ATTACKERKB
added 2022/08/16 8:15 p.m. | 72 views

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. Rapid7...

CVSS 7.8 | AI score 8.1 | EPSS 0.98975
In wild | Exploits: 30 | References: 5 | Affected Software: 1

Prion
added 2022/08/16 8:15 p.m. | 28 views

Design/Logic Flaw

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

CVSS 4.3 | AI score 7.7 | EPSS 0.01683
Exploits: 4 | References: 3 | Affected Software: 1