This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. by appending extra entries on /etc/sudoers allowing for execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12.p1. However, this module only works against Ubuntu 22.04 and 22.10. This module was tested against sudo 1.9.9-1ubuntu2 on Ubuntu 22.04 and 1.9.11p3-1ubuntu1 on Ubuntu 22.10.
eaefd5435610f2d14b94c9716c1cfacaa1464408e9bb9ca12c02d1fd7cb21f04
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
edc2f69b5090076c99d276a5968f9dda0e5738f6bf8e34f5233dcb702ff3ac2e
WBiz Desk version 1.2 suffers from a cross site scripting vulnerability.
03550bc7dff882789a12f3a45a3cb2753d944d1b5b3db27c5c98ba0b048195c2
WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability in the idtk parameter. This is a variant finding from the original discovery of SQL injection in this version attributed to h4ck3r in May of 2023.
332b84c29819f7a13b61e09456a833eac210172edb2ce5d235400faeb63c454b
Ubuntu Security Notice 5725-2 - USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service.
c1d4db4b1676e74edd2489358097ff57f961cfd2a391313d0d5d10f6276a44d2
Ubuntu Security Notice 6073-9 - USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
c3e79800c65e88375787bc8c21d43489cdf3494607e86a80f463ad61089934e9
Ubuntu Security Notice 6073-6 - USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
19f3d5cc0abc256c32830b798c25f52e7838aa9e37064dbbba33e911663ef987
Ubuntu Security Notice 6073-7 - USN-6073-2 fixed a vulnerability in Glance_store. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
b834ec48f0603c52e23711a3f55c34861a12817405ebdb35d51fef68d852f7c7
Ubuntu Security Notice 6073-8 - USN-6073-3 fixed a vulnerability in Nova. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
89388e832579c4d8d18a257c9555154e0ac3d938e39d639129a68e677d05317d
Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.
bd5932f6f83f66022d0f8b28696a79dea826d643696406d830f69821bd9667dd
Debian Linux Security Advisory 5409-1 - Two security issues have been discovered in libssh, a tiny C SSH library.
abd472c8de412391ba5ca0b0eda59e7c54a8498ae86da74d49b8402bb519b8a1
Ubuntu Security Notice 6094-1 - Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.
a3a88d0b843198cebf466b877981d871db378fc4912cde4c4d51d76f2d1fa5af
Ubuntu Security Notice 6096-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.
34cc30ebdf58924fb1b0c1d2ffdb4157e4f644bf5821397bbd37680bea54a1e2
Ubuntu Security Notice 6095-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.
902ea7575b25bbc81e98afa096da148d6b4dd72ed49f98e4a167376dcb1aaef5
Affiliate Me version 5.0.1 suffers from a remote SQL injection vulnerability.
8633b6342c844afb3936033927d659bd0a1ffa95152eacdbf7c50652f08e1f50