Lucene search
K

4730 matches found

Prion
Prion
added 2021/11/01 5:15 a.m.13 views

Code injection

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

9.3CVSS8.8AI score0.01741EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2021/11/01 4:32 a.m.34 views

CVE-2021-40348

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...

9AI score0.01741EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.23 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Multiple Vulnerabilities (NS-SA-2021-0101)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers fil...

8.2CVSS7.6AI score0.99295EPSS
Exploits94References17
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.37 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : sudo Vulnerability (NS-SA-2021-0178)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sudo packages installed that are affected by a vulnerability: - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and...

7.8CVSS7.3AI score0.99295EPSS
Exploits81References3
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.28 views

NewStart CGSL MAIN 6.02 : sudo Multiple Vulnerabilities (NS-SA-2021-0120)

The remote NewStart CGSL host, running version MAIN 6.02, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers file during...

7.8CVSS7.6AI score0.99295EPSS
Exploits108References25
Positive Technologies
Positive Technologies
added 2021/10/25 12:0 a.m.6 views

PT-2021-7417 · Zimbra +1 · Zimbra Collaboration +1

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.x through 9.x Description: An issue was discovered in Zimbra Collaboration, related to the Sudo configuration, which permits the zimbra user to execute the NGINX binary as root with arbitrary parameters...

7.8CVSS7.5AI score0.0039EPSS
Exploits1References13
OSV
OSV
added 2021/10/22 6:1 p.m.8 views

CLSA-2021-1634925704 Fixed CVE-2021-23240 in sudo

sudo-1.8.6p3-CVE-2021-23240-2.patch: fixed issue with credentials management in sudoedit - sudo-1.8.6p3-CVE-2021-23240-3.patch: fixed issue with origin file removal in sesh...

7.8CVSS7.1AI score0.01066EPSS
Exploits1References1
OSV
OSV
added 2021/10/22 6:1 p.m.4 views

CLSA-2021-1634925665 Fixed CVE-2021-3156 in sudo

Fixed Heap-based buffer overflow in Sudo CVE-2021-3156...

7.8CVSS7.2AI score0.99295EPSS
Exploits81References1
GithubExploit
GithubExploit
added 2021/10/20 7:34 a.m.153 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 CVE-2021-3156 exploit Introducti...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
GithubExploit
GithubExploit
added 2021/10/13 5:43 p.m.94 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 In this document we include all the knowledge n...

7.8CVSS8AI score0.99295EPSS
Exploits81
Kitploit
Kitploit
added 2021/10/12 11:30 a.m.26 views

LinuxCatScale - Incident Response Collection And Processing Scripts With Automated Reporting Scripts

Linux CatScale is a bash script that uses live of the land tools to collect extensive data from Linux based hosts. The data aims to help DFIR professionals triage and scope incidents. An Elk Stack instance also is configured to consume the output and assist the analysis process. Usage This script...

7.4AI score
Exploits0References1
Gitee
Gitee
added 2021/09/27 2:38 p.m.10 views

Exploit for Off-by-one Error in Sudo_Project Sudo

PoC exploit for CVE-2021-3156, a heap-based buffer overflow in Sudo. The target product/service is Sudo, a Unix command to execute a command with superuser root privileges. The vulnerability class/vector is a heap-based buffer overflow. Notable dependencies/tooling include the Qualys Security...

7.8CVSS8.2AI score0.99295EPSS
Exploits81
Huntr
Huntr
added 2021/09/16 7:36 p.m.12 views

Stack-based Buffer Overflow in gwsw/less

Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...

1.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2021/09/09 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-5067-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.9AI score0.02524EPSS
Exploits0References2
OSV
OSV
added 2021/09/08 11:40 a.m.15 views

USN-5067-1 sssd vulnerabilities

Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. CVE-2018-10852 It was discovered that SSSD incorrectly handled Group Policy Objects. Whe...

9.3CVSS6.5AI score0.02524EPSS
Exploits0References5
Redos
Redos
added 2021/09/08 12:0 a.m.45 views

ROS-2-613

2.613 Vulnerability in sudo CVE-2021-3156 1. Vulnerability Description: The vulnerability allows root access without authentication and without having the necessary credentials. The issue can be exploited by any user, regardless of their presence in system groups or the presence of an entry in th...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
Redos
Redos
added 2021/09/08 12:0 a.m.35 views

ROS-2-795

2.795 Vulnerability in sudo CVE-2021-3156 1. Vulnerability Description: The vulnerability allows root access without authentication and without having the necessary credentials. The issue can be exploited by any user, regardless of their presence in system groups or the presence of an entry in th...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
RedHat Linux
RedHat Linux
added 2021/08/31 9:22 a.m.1 views

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

9.3CVSS5.7AI score0.02524EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2021/08/30 9:46 p.m.71 views

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

Hewlett Packard Enterprise HPE is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw...

7.8CVSS8.7AI score0.99295EPSS
Exploits81References9
GithubExploit
GithubExploit
added 2021/08/13 2:23 p.m.421 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Introduction This repository was created f...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
Rows per page
Query Builder