Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-2104
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Secheron Sepcos Control And Protection Relay Firmware
4.3
CVSSv2
CVE-2022-33070
Protobuf-c v1.4.0 exists to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c Project Protobuf-c 1.4.0
Fedoraproject Fedora 36
7.2
CVSSv2
CVE-2022-31214
A Privilege Context Switching issue exists in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial ...
Firejail Project Firejail 0.9.68
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9
CVSSv2
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an malicious user to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when u...
3cx Phone System Firmware 16.0.0.1570
Debian Debian Linux -
7.2
CVSSv2
CVE-2022-1356
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an malicious user to gain root privileges when running user scripts outside allowed commands.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
6.9
CVSSv2
CVE-2022-29527
Amazon AWS amazon-ssm-agent prior to 3.1.1208.0 creates a world-writable sudoers file, which allows local malicious users to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
Amazon Amazon Ssm Agent
9
CVSSv2
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media ...
Quickbox Quickbox
9.3
CVSSv2
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an malicious user to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root ...
Fedoraproject Sssd 2.6.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Virtualization Host 4.0
Redhat Virtualization 4.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Fedoraproject Fedora 34
9.3
CVSSv2
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1181 Github repositories
28 Articles
7.2
CVSSv2
CVE-2021-41021
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
Fortinet Fortinac 9.1.2
Fortinet Fortinac 9.1.1
Fortinet Fortinac 9.1.0
Fortinet Fortinac 8.8.8
Fortinet Fortinac 8.8.7
Fortinet Fortinac 8.8.6
Fortinet Fortinac 8.8.5
Fortinet Fortinac 8.8.4
Fortinet Fortinac 8.8.3
Fortinet Fortinac 8.8.0
Fortinet Fortinac 8.8.1
Fortinet Fortinac 8.8.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »