CVE-2020-27985

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup...

CVE-2020-27985

Security Onion v2 prior to 2.3.10 contains a misconfigured sudo setup that allows the administrative user to obtain root access without a password by editing and executing /home//SecurityOnion/setup/so-setup. The issue is a local privilege escalation affecting deployments based on the affected 2....

Security Onion Solutions Security Onion Security Breaches

Security Onion Solutions Security Onion is an American Security Onion Solutions software for threat search, enterprise security monitoring and log management. The software supports Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squit, NetworkMiner and many other security too...

Unspecified vulnerability in Aviatrix Controller (CNVD-2021-17716)

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...

RHEL 8 : sudo (RHSA-2020:1804)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1804 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute...

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

Design/Logic Flaw

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

CVE-2020-26548

Aviatrix Controller (pre-R5.4.1290) contains an insecure sudo rule that allows a user to execute any command as any user on the system. This vulnerability affects Controller versions before R5.4.1290 and is supported by multiple sources (e.g., CNVD-2021-17716; NVD CVE-2020-26548) with high impact...

Protecting Install Tool with Sudo Mode

When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...

Aviatrix Systems Controller 安全漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...

[SECURITY] [DLA 2434-1] gdm3 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2434-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 05, 2020 https://wiki.debian.org/LTS -...

Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance IMSVA vulnerable version: 9.1.0 Critical Patch Build 2025 fixed version: 9.1....

Exploit for Use After Free in Microsoft

System-Vulnerability 实时更新较好用最新漏洞EXP，仅供已授权渗透测试使用 --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC 提权 --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 提权 --2020.5 全版本窃取令牌提权 --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...

EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2238)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-2238)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FruityWifi Elevation of Privilege Vulnerability

FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...

CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration ALL : ALL NOPASSWD: ALL. This allows an attacker to perform a system-level root local privilege escalation, allowing an attacker to gain complete persistent access to the local system...

CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration ALL : ALL NOPASSWD: ALL. This allows an attacker to perform a system-level root local privilege escalation, allowing an attacker to gain complete persistent access to the local system...