Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project sudo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-31456
GLPI is a Free Asset and IT Management Software package. before 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
2 Github repositories
NA
CVE-2024-29889
GLPI is a Free Asset and IT Management Software package. before 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.
2 Github repositories
NA
CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea...
Getcomposer Composer
NA
CVE-2023-7090
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Sudo Project Sudo
NA
CVE-2023-42465
Sudo prior to 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Sudo Project Sudo
NA
CVE-2023-6019
A command injection existed in Ray's cpu_profile URL parameter allowing malicious users to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: htt...
Ray Project Ray -
4 Github repositories
2 Articles
NA
CVE-2023-28486
Sudo prior to 1.9.13 does not escape control characters in log messages.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
NA
CVE-2023-28487
Sudo prior to 1.9.13 does not escape control characters in sudoreplay output.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
NA
CVE-2023-26604
systemd prior to 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may...
Systemd Project Systemd
6 Github repositories
NA
CVE-2023-27320
Sudo prior to 1.9.13p2 has a double free in the per-command chroot feature.
Sudo Project Sudo 1.9.13
Sudo Project Sudo
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »