Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project sudo vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2020-10588
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.
V2rayl Project V2rayl 2.1.3
641
VMScore
CVE-2020-24848
FruityWifi up to and including 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an malicious user to perform a system-level (root) local privilege escalation, allowing an malicious user to gain complete persistent access to the local system.
Fruitywifi Project Fruitywifi
641
VMScore
CVE-2020-10589
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.
V2rayl Project V2rayl 2.1.3
828
VMScore
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
409
VMScore
CVE-2014-10070
zsh prior to 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in priv...
Zsh Project Zsh
NA
CVE-2023-6019
A command injection existed in Ray's cpu_profile URL parameter allowing malicious users to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: htt...
Ray Project Ray -
4 Github repositories
2 Articles
552
VMScore
CVE-2012-5536
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or p...
Redhat Enterprise Linux 6.0
Fedora Project Fedora Release Rawhide -
641
VMScore
CVE-2022-31214
A Privilege Context Switching issue exists in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial ...
Firejail Project Firejail 0.9.68
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea...
Getcomposer Composer
430
VMScore
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Intel Pentium N N3700
Intel Pentium N N3710
Intel Celeron N N3000
Intel Celeron N N3010
Intel Celeron N N3050
Intel Celeron N N2930
Intel Celeron N N2920
Intel Celeron N N2808
Intel Celeron N N2807
Intel Celeron J J3060
Intel Celeron J J1900
Intel Atom X3 C3295rk
Intel Atom X3 C3235rk
Intel Atom Z Z3775d
Intel Atom Z Z3775
Intel Atom Z Z3736f
Intel Atom Z Z3735g
Intel Atom Z Z3560
Intel Atom Z Z3530
Intel Atom Z Z2480
Intel Atom Z Z2460
Intel Atom C C3308
41 Github repositories
8 Articles
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »