Lucene search
K

4730 matches found

OSV
OSV
added 2021/12/08 6:15 p.m.5 views

CVE-2021-41021

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command...

6.7CVSS6.6AI score0.00251EPSS
Exploits0References1
Prion
Prion
added 2021/12/08 6:15 p.m.16 views

Privilege escalation

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command...

7.2CVSS6.9AI score0.00251EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/08 5:48 p.m.15 views

CVE-2021-41021

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command...

7.8CVSS8.2AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/12/08 5:48 p.m.12 views

CVE-2021-41021

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command...

7.8CVSS7.4AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 2021/12/08 5:48 p.m.51 views

CVE-2021-41021

FortiNAC has a privilege escalation vulnerability (CVE-2021-41021) affecting FortiNAC versions 8.8.8 and below and 9.1.2 and below, enabling an admin to escalate to root via sudo. The connected sources identify the affected scope and impact but do not provide exploitation details or explicit reme...

7.8CVSS6.8AI score0.00251EPSS
Exploits0References1Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.29 views

FortiNAC - Privilege Escalation via exploiting the SUDO privileges.

A privilege escalation vulnerability in FortiNAC may allow an admin user to escalate the privileges to root via the sudo command...

7.2CVSS4.5AI score0.00251EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/12/06 4:15 a.m.3 views

CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

6.5CVSS6.7AI score0.01414EPSS
Exploits1References3
NVD
NVD
added 2021/12/06 4:15 a.m.19 views

CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

6.5CVSS0.01414EPSS
Exploits1References3
Prion
Prion
added 2021/12/06 4:15 a.m.13 views

Design/Logic Flaw

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

4CVSS6.5AI score0.01414EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/12/06 12:0 a.m.16 views

CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

6.7AI score0.01414EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/12/06 12:0 a.m.5 views

PT-2021-23732 · Kaseya +1 · Kaseya Unitrends Backup Appliance +1

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the software where the apache user could read arbitrary files, such as /etc/shadow, by abusing an insecure Sudo rule. Recommendations: For...

6.5CVSS6.4AI score0.01414EPSS
Exploits1References8
ICS
ICS
added 2021/11/30 12:0 a.m.46 views

Johnson Controls CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.8CVSS8.1AI score0.99295EPSS
Exploits81References5
Gitee
Gitee
added 2021/11/23 4:28 p.m.12 views

Exploit for Off-by-one Error in Sudo_Project Sudo

Based on the provided context and code, here is a summary of the analysis: Classification: Exploit module/toolkit targeting a vulnerability in a specific product/service framework. Primary vulnerability: CVE-2021-3156, a heap-based buffer overflow in sudo. Target product/service: sudo, a Unix...

7.8CVSS8AI score0.99295EPSS
Exploits81
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2016-3643

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

7.8CVSS7.1AI score0.03704EPSS
Exploits5References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.15 views

SolarWinds Virtualization Manager Privilege Escalation Vulnerability

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

7.8CVSS7.6AI score0.03704EPSS
In wildExploits5
AlmaLinux
AlmaLinux
added 2021/11/02 7:49 a.m.18 views

sudo bug fix and enhancement update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Bug Fixes and Enhancements: Request to backport...

6.9AI score
Exploits0
Rockylinux
Rockylinux
added 2021/11/02 7:49 a.m.12 views

sudo bug fix and enhancement update

An update is available for sudo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sudo packages contain the sudo utility which allows system administrators to...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/11/02 12:0 a.m.20 views

EulerOS 2.0 SP8 : sssd (EulerOS-SA-2021-2646)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...

9.3CVSS6.7AI score0.02524EPSS
Exploits0References2
NVD
NVD
added 2021/11/01 5:15 a.m.35 views

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

9.3CVSS0.01741EPSS
Exploits1References2
OSV
OSV
added 2021/11/01 5:15 a.m.37 views

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

8.8CVSS7.5AI score
Exploits0References2
Rows per page
Query Builder