Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project sudo vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-6019
A command injection existed in Ray's cpu_profile URL parameter allowing malicious users to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: htt...
Ray Project Ray -
4 Github repositories
2 Articles
8.8
CVSSv3
CVE-2023-7090
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Sudo Project Sudo
8.8
CVSSv3
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
8.8
CVSSv3
CVE-2019-14287
In Sudo prior to 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER=...
Sudo Project Sudo
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Netapp Element Software Management Node -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
58 Github repositories
1 Article
8.2
CVSSv3
CVE-2017-1000368
Todd Miller's sudo version 1.8.20p1 and previous versions is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Sudo Project Sudo 1.8.20
Sudo Project Sudo
2 Github repositories
7.8
CVSSv3
CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea...
Getcomposer Composer
7.8
CVSSv3
CVE-2023-26604
systemd prior to 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may...
Systemd Project Systemd
5 Github repositories
7.8
CVSSv3
CVE-2023-22809
In Sudo prior to 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local malicious user to append arbitrary entries to the list of files to process. This can lead to p...
Sudo Project Sudo 1.9.12
Sudo Project Sudo
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Macos
11 Github repositories
7.8
CVSSv3
CVE-2022-31214
A Privilege Context Switching issue exists in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial ...
Firejail Project Firejail 0.9.68
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2021-31154
pleaseedit in please prior to 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local malicious user to gain full root privileges by staging a symlink attack.
Pleaseedit Project Pleaseedit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »