Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project sudo vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-33070
Protobuf-c v1.4.0 exists to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c Project Protobuf-c 1.4.0
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2022-31214
A Privilege Context Switching issue exists in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial ...
Firejail Project Firejail 0.9.68
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 9.0
Debian Debian Linux 10.0
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1156 Github repositories
28 Articles
8.8
CVSSv3
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
3.3
CVSSv3
CVE-2021-31153
please prior to 0.4 allows a local unprivileged malicious user to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.
Please Project Please
7.8
CVSSv3
CVE-2021-31155
Failure to normalize the umask in please prior to 0.4 allows a local malicious user to gain full root privileges if they are allowed to execute at least one command.
Umask Project Umask
7.8
CVSSv3
CVE-2021-31154
pleaseedit in please prior to 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local malicious user to gain full root privileges by staging a symlink attack.
Pleaseedit Project Pleaseedit
7.8
CVSSv3
CVE-2021-3156
Sudo prior to 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo Project Sudo 1.9.5
Sudo Project Sudo
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager Core Package -
Mcafee Web Gateway 8.2.17
Mcafee Web Gateway 9.2.8
Mcafee Web Gateway 10.0.4
Synology Diskstation Manager 6.2
Synology Diskstation Manager Unified Controller 3.0
Synology Skynas Firmware -
Synology Vs960hd Firmware -
Beyondtrust Privilege Management For Mac
Beyondtrust Privilege Management For Unix\\/linux
Oracle Micros Compact Workstation 3 Firmware 310
Oracle Micros Es400 Firmware
Oracle Micros Kitchen Display System Firmware 210
Oracle Micros Workstation 5a Firmware 5a
142 Github repositories
1 Article
2.5
CVSSv3
CVE-2021-23239
The sudoedit personality of Sudo prior to 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Sudo Project Sudo
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2021-23240
selinux_edit_copy_tfiles in sudoedit in Sudo prior to 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines wit...
Sudo Project Sudo
Netapp Solidfire -
Netapp Hci Management Node -
Fedoraproject Fedora 32
Fedoraproject Fedora 33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »