Lucene search

4730 matches found

CVE
added 2022/06/24 3:00 p.m., 67 views

CVE-2022-2104

The CVE-2022-2104 entry concerns the Secheron SEPCOS Control and Protection Relay. The issue is that the www-data (Apache web server) account is configured to run sudo without a password for many commands (including /bin/sh and /bin/bash), enabling potential OS-level privilege escalation. Public ...

CVSS 9.9, AI score 9.8, EPSS 0.01012
Exploits: 0, References: 1, Affected Software: 1

GithubExploit
added 2022/06/24 11:50 a.m., 280 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo Baron Samed...

CVSS 7.8, AI score 8.7, EPSS 0.99295
Exploits: 81

UbuntuCve
added 2022/06/23 12:00 a.m., 40 views

CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...

CVSS 5.5, AI score 6.4, EPSS 0.01058
Exploits: 1, References: 4

OSV
added 2022/06/09 4:15 p.m., 16 views

CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

CVSS 7.8, AI score 6.8
Exploits: 0, References: 8

OSV
added 2022/06/09 4:15 p.m., 1 view

UBUNTU-CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

CVSS 7.8, AI score 7.2, EPSS 0.00382
Exploits: 0, References: 3

OSV
added 2022/06/07 6:15 p.m., 2 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sud...

CVSS 8.8, AI score 5.7, EPSS 0.01565
Exploits: 1, References: 3

NVD
added 2022/06/07 6:15 p.m., 22 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sud...

CVSS 9, EPSS 0.01565
Exploits: 1, References: 3

Prion
added 2022/06/07 6:15 p.m., 20 views

Command injection

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sud...

CVSS 9, AI score 8.7, EPSS 0.01565
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2022/06/07 5:56 p.m., 22 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sud...

AI score 8.8, EPSS 0.01565
Exploits: 1, References: 3

CVE
added 2022/06/07 5:56 p.m., 64 views

CVE-2019-9971

The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...

CVSS 9, AI score 8.7, EPSS 0.01565
Exploits: 1, References: 3, Affected Software: 1

CNNVD
added 2022/06/07 12:00 a.m., 4 views

3CX Phone security vulnerability

The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from the -z aka...

CVSS 9, AI score 7.7, EPSS 0.01565
Exploits: 1, References: 3

GithubExploit
added 2022/05/26 2:47 a.m., 193 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Root shell PoC for CVE-2021-3156 no brutef...

CVSS 7.8, AI score 8.6, EPSS 0.99295
Exploits: 81

VulnCheck KEV
added 2022/05/26 12:00 a.m., 3 views

VulnCheck KEV: CVE-2021-35064

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...

CVSS 10, AI score 7.4, EPSS 0.70753
Exploits: 5, References: 1

NVD
added 2022/05/17 9:15 p.m., 21 views

CVE-2022-1356

cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...

CVSS 7.8, EPSS 0.00264
Exploits: 0, References: 1

Prion
added 2022/05/17 9:15 p.m., 19 views

Privilege escalation

cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...

CVSS 7.2, AI score 8.3, EPSS 0.00264
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/05/17 8:11 p.m., 19 views

CVE-2022-1356 Cambium Networks cnMaestro use of Potentially Dangerous Function

cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...

CVSS 7.1, AI score 7.9, EPSS 0.00264
Exploits: 0, References: 1

Rockylinux
added 2022/05/17 8:15 a.m., 14 views

new packages: sudo

An update is available for sudo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

AI score 1.9
Exploits: 0

OSV
added 2022/05/10 6:51 a.m., 9 views

ALBA-2022:2080 sudo bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 6.8
Exploits: 0, References: 1

Rockylinux
added 2022/05/10 6:51 a.m., 13 views

sudo bug fix and enhancement update

An update is available for sudo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.6...

AI score 1.8
Exploits: 0

Tenable Nessus
added 2022/05/09 12:00 a.m., 25 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Multiple Vulnerabilities (NS-SA-2022-0028)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers fil...

CVSS 7.8, AI score 7.6, EPSS 0.99295
Exploits: 95, References: 15