*cpe:2.3:a:sudo_project:sudo:1.9. The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. ![]() Initial Analysis by NIST 1:26:49 PM Action Hitachi Energy recommends updating the affected devices to the following versions: TXpert Hub CoreTec 4 version 2.3.0. *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions up to (excluding) 13.4 Hitachi Energy reported this vulnerability to CISA. Modified Analysis by NIST 2:32:56 PM Action We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5. If exploited, this vulnerability allows remote attackers to inject malicious code. Please address comments about this page to Party Advisory VDB EntryĮxploit Mailing List Third Party AdvisoryĮxploit Mitigation Technical Description Third Party Advisory A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. Further, NIST does notĮndorse any commercial products that may be mentioned on Name Description CVE-2023-42456 Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. ![]() Not necessarily endorse the views expressed, or concur with There are 177 CVE Records that match your search. Sites that are more appropriate for your purpose. Mitigation Add the affected environment variables to the envdelete deny list when using sudoedit. This vulnerability may lead to privilege escalation by editing unauthorized files. ![]() Inferences should be drawn on account of other sites being Synacktiv discovered a sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit. May have information that would be of interest to you. We have provided these links to other web sites because they Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356). References to Advisories, Solutions, and Toolsīy selecting these links, you will be leaving NIST webspace. In Jan 2022, Reginaldo Silva, a Redis maintainer, uncovered a vulnerability in Redis dobbed Lua Sandbox Escape vulnerability that allows remote attackerswith the ability to execute Lua scripts to escape the Lua sandbox and execute arbitrary code on the host. Qualys research team reported that they have succeeded in obtaining complete root privileges by exploiting the vulnerability on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33. UPDATED Oct 10 (Added iFixes with the correct prereqs for VIOS 3.1.2.30 and 3.1.2.40): A vulnerability in the AIX kernel could allow a non-privileged local user to obtain root privileges (CVE-2022-34356).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |