Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-26548
An issue exists in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.
Aviatrix Controller 5.3.1516
4.6
CVSSv2
CVE-2020-16125
gdm3 versions prior to 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to cr...
Gnome Gnome Display Manager
1 Github repository
7.2
CVSSv2
CVE-2020-24848
FruityWifi up to and including 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an malicious user to perform a system-level (root) local privilege escalation, allowing an malicious user to gain complete persistent access to the local system.
Fruitywifi Project Fruitywifi
7.2
CVSSv2
CVE-2020-25859
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary co...
Qualcomm Qcmap -
4.4
CVSSv2
CVE-2020-14342
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their pr...
Samba Cifs-utils
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
7.2
CVSSv2
CVE-2020-14162
An issue exists in Pi-Hole up to and including 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an malicious user to obtain root access via shell metacharacters to this script's setdns command.
Pi-hole Pi-hole
5.8
CVSSv2
CVE-2020-10286
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
Ufactory Xarm 5 Lite Firmware
Ufactory Xarm 6 Firmware -
Ufactory Xarm 7 Firmware -
4.6
CVSSv2
CVE-2020-10277
There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.
Mobile-industrial-robots Mir100 Firmware
Mobile-industrial-robots Mir200 Firmware -
Mobile-industrial-robots Mir250 Firmware -
Mobile-industrial-robots Mir500 Firmware -
Mobile-industrial-robots Mir1000 Firmware -
Easyrobotics Er200 Firmware -
Easyrobotics Er-lite Firmware -
Easyrobotics Er-flex Firmware -
Easyrobotics Er-one Firmware -
Uvd-robots Uvd Firmware -
6.9
CVSSv2
CVE-2020-12850
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. ...
Pydio Cells 2.0.4
9
CVSSv2
CVE-2020-13695
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an malicious user to obtain sensitive information via a grep of a /root/*.db or ...
Quickbox Quickbox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »