Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29967
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read an...
NA
CVE-2024-29964
Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker ins...
NA
CVE-2024-26853
In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT (e.g. due to a full queue), it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is th...
NA
CVE-2099-9999
spec-version v0.4.0 app-sploit: An example app follows sploit-spec Just an example, do not import code under example folder Usage ❯ ./appsploit_linux_amd64 NAME: appsploit - An example sploit tool follows sploit-spec USAGE: appsploit [global op...
1 Github repository
NA
CVE-2024-28085
wall in util-linux up to and including 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are n...
1 Github repository
1 Article
NA
CVE_2022_21882
OSEP-Notes Initial Access HTA Fileless Initial Access Reverse Shell (AppLocker + CLM + Defender Bypass) Scenario: You can make a user execute your malicious HTA files, but AppLocker, CLM, and Defender block all payloads. To get a fileless reverse shell, one method that worked for...
1 Github repository
NA
CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea...
Getcomposer Composer
NA
CVE-2023-44120
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local malicious user to inject arb...
Siemens Spectrum Power 7
NA
CVE-2023-7090
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Sudo Project Sudo
NA
CVE-2023-42465
Sudo prior to 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Sudo Project Sudo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »