sudo vulnerabilities and exploits
7.2
CVSSv2
CVE-2020-25859
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary co...
Qualcomm Qcmap -
4.4
CVSSv2
CVE-2020-14342
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their pr...
Samba Cifs-utils
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
7.2
CVSSv2
CVE-2020-14162
An issue exists in Pi-Hole up to and including 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow a malicious user to obtain root access via shell metacharacters to this script's setdns command.
Pi-hole Pi-hole
5.8
CVSSv2
CVE-2020-10286
The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive files, encryption, or the ability to issue orders that disrupt robot operation.
Ufactory Xarm 5 Lite Firmware
Ufactory Xarm 6 Firmware -
Ufactory Xarm 7 Firmware -
4.6
CVSSv2
CVE-2020-10277
There is no mechanism in place to prevent a bad operator from booting from a live OS image; this can lead to extraction of sensitive files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.
Mobile-industrial-robots Mir100 Firmware
Mobile-industrial-robots Mir200 Firmware -
Mobile-industrial-robots Mir250 Firmware -
Mobile-industrial-robots Mir500 Firmware -
Mobile-industrial-robots Mir1000 Firmware -
Easyrobotics Er200 Firmware -
Easyrobotics Er-lite Firmware -
Easyrobotics Er-flex Firmware -
Easyrobotics Er-one Firmware -
Uvd-robots Uvd Firmware -
6.9
CVSSv2
CVE-2020-12850
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. ...
Pydio Cells 2.0.4
9
CVSSv2
CVE-2020-13695
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows a malicious user to obtain sensitive information via a grep of a /root/*.db or ...
Quickbox Quickbox
9
CVSSv2
CVE-2020-13694
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
Quickbox Quickbox
6.8
CVSSv2
CVE-2020-11069
In TYPO3 CMS 9.0.0 up to and including 9.5.16 and 10.0.0 up to and including 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an ...
Typo3 Typo3
1 Github repository
9
CVSSv2
CVE-2020-11108
The Gravity updater in Pi-hole up to and including 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data...
Pi-hole Pi-hole
2 Github repositories