4730 matches found
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1424)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1575)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization for ARM 64 3.0.6.0 : sudo (EulerOS-SA-2021-1575)
According to the versions of the sudo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existenc...
EulerOS Virtualization 3.0.6.6 : sudo (EulerOS-SA-2021-1520)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileg...
EulerOS Virtualization for ARM 64 3.0.6.0 : cifs-utils (EulerOS-SA-2021-1546)
According to the version of the cifs-utils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used ...
CVE-2021-23240 affecting package sudo 1.8.31p1-4
CVE-2021-23240 affecting package sudo 1.8.31p1-4. An upgraded version of the package is available that resolves this issue...
CVE-2021-23239 affecting package sudo 1.8.31p1-4
CVE-2021-23239 affecting package sudo 1.8.31p1-4. An upgraded version of the package is available that resolves this issue...
SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2021:0551-1)
This update for avahi fixes the following issues : CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. Add sudo to requires: used to drop privileges. Note that...
Linux Sudo Privilege Escalation (Out-of-bounds Write)
Binary data linuxcve-2021-3156.nbin...
SUSE-SU-2021:0551-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh bsc1180827 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 PoC Introduction This is an exploit for the...
EulerOS 2.0 SP2 : sudo (EulerOS-SA-2021-1366)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via 'sudoedit -s' and a command-line argument that ends wi...
EulerOS 2.0 SP3 : sudo (EulerOS-SA-2021-1375)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1366)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1375)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Klog Server 2.4.1 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server authenticate.php user Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injectio...
Klog Server authenticate.php user Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the...
macOS 10.14.x < 10.14.6 Security Update 2021-002 / 10.15.x < 10.15.7 Supplemental Update / macOS 11.x < 11.2.1 (HT212177)
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2021-002 Mojave, 10.15.x prior to 10.15.7 Supplemental Update Catalina, or 11.x prior to 11.2.1 Big Sur. It is, therefore, affected by multiple vulnerabilities, including the following: - An...
Informational: Impact of Sudo Vulnerability CVE-2021-3156
Palo Alto Networks Product Security Assurance team has evaluated the Sudo software vulnerability CVE-2021-3156. PAN-OS software, Prisma Cloud compute, and Prisma SD-WAN CloudGenix devices do not include the Sudo program and, therefore, no scenarios required for successful exploitation exist in...
Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug
Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. "A local attacker may be able to elevate their privileges," Apple said in a security advisory. "This issue...