4730 matches found
CVE-2022-2104
The CVE-2022-2104 entry concerns the Secheron SEPCOS Control and Protection Relay. The issue is that the www-data (Apache web server) account is configured to run sudo without a password for many commands (including /bin/sh and /bin/bash), enabling potential OS-level privilege escalation. Public ...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo Baron Samed...
CVE-2022-33070
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...
CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
UBUNTU-CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
Command injection
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
CVE-2019-9971
The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...
3CX Phone security vulnerability
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from the -z aka...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Root shell PoC for CVE-2021-3156 no brutef...
VulnCheck KEV: CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...
CVE-2022-1356
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...
Privilege escalation
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...
CVE-2022-1356 Cambium Networks cnMaestro use of Potentially Dangerous Function
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...
new packages: sudo
An update is available for sudo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
ALBA-2022:2080 sudo bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
sudo bug fix and enhancement update
An update is available for sudo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.6...
NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Multiple Vulnerabilities (NS-SA-2022-0028)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers fil...