EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2026-1147)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...

CVE-2026-22536

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...

CVE-2026-22536

CVE-2026-22536 describes an elevation of privileges caused by the absence of permissions control for a user (XXX) in the sudoers configuration, enabling privilege escalation without restrictions. The connected sources consistently frame this as a sudoers-permission issue leading to local privileg...

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

PT-2025-53327

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System contains an authentication issue involving hard-coded SSH credentials for the wwwuser account. An insecure sudoers configuration allows attackers t...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: sudo (UTSA-2025-192801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-192801 advisory. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on...

EUVD-2022-27102

Malicious code in bioql PyPI...

EUVD-2022-45783

Malicious code in bioql PyPI...

EUVD-2025-19698

Malicious code in bioql PyPI...

Security Bulletin: Vulnerability in sudo library (CVE-2025-32462) affects Power HMC.

Summary The sudo library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32462 DESCRIPTION: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows liste...

CVE-2025-46093

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...

Liquidfiles 安全漏洞

Liquidfiles is a storage service for large-scale secure file transfer and sharing for companies and organizations from US-based Liquidfiles, Inc. A security vulnerability exists in Liquidfiles versions prior to 4.1.2, which originates from a vulnerability that could cause an FTPDrop user to execu...

CVE-2025-34112

An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. Thi...

CVE-2025-27021

The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by...

CVE-2025-27021 Operating System Misconfiguration in Infinera G42

The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by...

AZL-64461 CVE-2025-32462 affecting package sudo for versions less than 1.9.17-1

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...

sudo: LPE via host option

A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...

CVE-2025-32462

A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...

CVE-2022-42717

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...