Aruba AirWave Web-Based Management Interface Stored Cross Site Scripting (XSS) Vulnerability (CVE-2021- 37715)

Earlier this year, Qualys discovered a heap-based buffer overflow in Sudo, named ‘Baron Samedit’ (CVE-2021-3156). Baron Samedit A vulnerability in the command line parameter parsing code of Sudo could allow an attacker with access to Sudo to execute commands or binaries with root privileges. Baron Samedit is exploitable by any local user (normal users and … Continue reading “Aruba AirWave Web-Based Management Interface Stored Cross Site Scripting (XSS) Vulnerability (CVE-2021- 37715)”

PWFeedback Buffer Overflow Vulnerability in Sudo (CVE-2019-18634)

Summary: ‘sudo’ utility allows non-privileged Linux and macOS users to run commands as Root was discovered in recent days, tracked as CVE-2019-18634. Description: A core command utility that is pre-installed on macOS and almost every UNIX or Linux-based operating system, well-known as “Sudo” Sudo’s pwfeedback option can be used to provide visual feedback when the … Continue reading “PWFeedback Buffer Overflow Vulnerability in Sudo (CVE-2019-18634)”

SUDO Security Policy Bypass Vulnerability

Sudo is one of the most important and widely used core command that allows a permitted user to execute a command as the superuser or with other user privileges. It is basically used to allow unprivileged users to execute commands as root. Summary: The vulnerability found in sudo security policy bypass issue that could allow … Continue reading “SUDO Security Policy Bypass Vulnerability”