Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-13694
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
Quickbox Quickbox
6.8
CVSSv2
CVE-2020-11069
In TYPO3 CMS 9.0.0 up to and including 9.5.16 and 10.0.0 up to and including 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an ...
Typo3 Typo3
1 Github repository
9
CVSSv2
CVE-2020-11108
The Gravity updater in Pi-hole up to and including 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data...
Pi-hole Pi-hole
2 Github repositories
7.2
CVSSv2
CVE-2020-10588
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.
V2rayl Project V2rayl 2.1.3
7.2
CVSSv2
CVE-2020-10589
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.
V2rayl Project V2rayl 2.1.3
7.2
CVSSv2
CVE-2020-10587
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
Antixlinux Antix Linux -
Mxlinux Mx Linux -
4.6
CVSSv2
CVE-2020-7254
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x before 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.
Mcafee Advanced Threat Defense
9.3
CVSSv2
CVE-2020-10255
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access pa...
Samsung Lpddr4 -
Samsung Ddr4 -
Micron Lpddr4 -
Micron Ddr4 Sdram -
Skhynix Lpddr4 -
Skhynix Ddr4 Sdram -
8.8
CVSSv2
CVE-2020-3158
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote malicious user to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a def...
Cisco Smart Software Manager On-prem
1 Article
7.2
CVSSv2
CVE-2020-7954
An issue exists in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the ...
Opservices Opmon 9.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »