Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Beyondtrust Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3156 8 Beyondtrust, Debian, Fedoraproject and 5 more 27 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 24 more 2022-09-02 7.2 HIGH 7.8 HIGH
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-31589 1 Beyondtrust 1 Appliance Base Software 2022-02-07 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
CVE-2021-42254 1 Beyondtrust 1 Privilege Management For Windows 2021-11-24 7.2 HIGH 7.8 HIGH
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
CVE-2020-9326 1 Beyondtrust 1 Privilege Management For Windows And Mac 2021-07-21 5.0 MEDIUM 7.5 HIGH
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.
CVE-2018-10959 1 Beyondtrust 1 Avecto Defendpoint 2020-12-28 5.0 MEDIUM 7.5 HIGH
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
CVE-2017-5996 1 Beyondtrust 1 Remote Support 2019-11-18 9.3 HIGH 7.8 HIGH
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.