Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2022-43995
Sudo 1.8.0 up to and including 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password...
Sudo Project Sudo 1.9.12
Sudo Project Sudo
5.5
CVSSv3
CVE-2022-33070
Protobuf-c v1.4.0 exists to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c Project Protobuf-c 1.4.0
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2022-31214
A Privilege Context Switching issue exists in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial ...
Firejail Project Firejail 0.9.68
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
7.8
CVSSv3
CVE-2021-31154
pleaseedit in please prior to 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local malicious user to gain full root privileges by staging a symlink attack.
Pleaseedit Project Pleaseedit
3.3
CVSSv3
CVE-2021-31153
please prior to 0.4 allows a local unprivileged malicious user to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.
Please Project Please
7.8
CVSSv3
CVE-2021-31155
Failure to normalize the umask in please prior to 0.4 allows a local malicious user to gain full root privileges if they are allowed to execute at least one command.
Umask Project Umask
7.8
CVSSv3
CVE-2021-3156
Sudo prior to 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo Project Sudo 1.9.5
Sudo Project Sudo
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager Core Package -
Mcafee Web Gateway 8.2.17
Mcafee Web Gateway 9.2.8
Mcafee Web Gateway 10.0.4
Synology Diskstation Manager 6.2
Synology Diskstation Manager Unified Controller 3.0
Synology Skynas Firmware -
Synology Vs960hd Firmware -
Beyondtrust Privilege Management For Mac
Beyondtrust Privilege Management For Unix\\/linux
Oracle Micros Compact Workstation 3 Firmware 310
Oracle Micros Es400 Firmware
Oracle Micros Kitchen Display System Firmware 210
Oracle Micros Workstation 5a Firmware 5a
143 Github repositories
1 Article
2.5
CVSSv3
CVE-2021-23239
The sudoedit personality of Sudo prior to 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Sudo Project Sudo
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2021-23240
selinux_edit_copy_tfiles in sudoedit in Sudo prior to 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines wit...
Sudo Project Sudo
Netapp Solidfire -
Netapp Hci Management Node -
Fedoraproject Fedora 32
Fedoraproject Fedora 33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »