lypd0

2 exploits Active since Jan 2021

CVE-2024-3094 NOMISEC CRITICAL SCANNER

xz <5.6.0 - Code Injection

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

4 stars

CVSS 10.0

View Code

CVE-2021-3156 NOMISEC HIGH SCANNER

Sudo Heap-Based Buffer Overflow

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

1 stars

CVSS 7.8

View Code