26 matches found
Kramer VIAware - Privilege Escalation and Remote Code Execution
Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...
EulerOS Virtualization 2.12.1 : sudo (EulerOS-SA-2026-1465)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...
terraform-provider-proxmox has insecure sudo recommendation in the documentation
Note: It is uncertain whether this constitutes a vulnerability or should be filed as an issue instead. Summary In the SSH configuration documentation, the sudoer line that was suggested can be escalated to edit any files in the system. Details The following line was suggested for addition in the...
CVE-2025-12381 Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer
Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This...
CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
CVE-2025-34187
Ilevia EVE X1/X5 Server (versions ≤ 4.7.18.0.eden) is affected by multiple vulnerabilities. The primary CVE (CVE-2025-34187) stems from a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts; if these scripts are writable by web-facing users or reachable...
PT-2025-38077
Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1/X5 Server contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-faci...
Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...
EulerOS 2.0 SP10 : sudo (EulerOS-SA-2025-2088)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
CVE-2012-10040
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the...
CVE-2013-10052
CVE-2013-10052 concerns ZPanel’s zsudo helper. A misconfiguration in /etc/sudoers lets low-privilege users run arbitrary commands as root, enabling local privilege escalation by writing a payload to a writable dir and executing it via zsudo. Documented impact includes post-exploitation scenarios ...
CVE-2025-27021
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by...
CVE-2025-27021
The CVE-2025-27021 entry affects Infinera G42 (version R6.1.3) due to a misconfiguration in sudoers that lets low-privileged OS users run devmem as superuser, enabling read/write access to arbitrary physical memory. This can lead to information disclosure, DoS, and privilege escalation by tamperi...
openstack/kolla: sudo privilege escalation vulnerability
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...
SUSE CVE-2022-38060
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...
PT-2022-24179 · Openstack · Openstack Kolla
Name of the Vulnerable Software and Affected Versions: OpenStack Kolla git master 05194e7618 Description: A privilege escalation issue exists in the sudo functionality. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Recommendations: For OpenStack Kolla git...