| Max CVSS | 9.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-19232 | 5.0 |
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulne
|
11-04-2024 - 01:04 | 19-12-2019 - 21:15 | |
| CVE-2019-3811 | 2.7 |
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac
|
29-05-2023 - 17:15 | 15-01-2019 - 15:29 | |
| CVE-2018-16838 | 5.5 |
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
|
29-05-2023 - 17:15 | 25-03-2019 - 18:29 | |
| CVE-2013-0220 | 5.0 |
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4
|
13-02-2023 - 04:38 | 24-02-2013 - 19:55 | |
| CVE-2017-1000367 | 6.9 |
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
|
22-12-2022 - 22:15 | 05-06-2017 - 14:29 | |
| CVE-2019-14287 | 9.0 |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r
|
18-04-2022 - 15:45 | 17-10-2019 - 18:15 | |
| CVE-2016-7076 | 7.2 |
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
|
30-09-2020 - 18:15 | 29-05-2018 - 13:29 | |
| CVE-2019-18634 | 4.6 |
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upst
|
07-02-2020 - 17:15 | 29-01-2020 - 18:15 | |
| CVE-2018-10852 | 5.0 |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
|
09-10-2019 - 23:33 | 26-06-2018 - 14:29 | |
| CVE-2017-12173 | 4.0 |
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi
|
09-10-2019 - 23:22 | 27-07-2018 - 16:29 | |
| CVE-2017-1000368 | 7.2 |
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
|
29-05-2019 - 19:29 | 05-06-2017 - 16:29 | |
| CVE-2016-7076 | 7.2 |
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
|
06-05-2019 - 21:29 | 29-05-2018 - 13:29 | |
| CVE-2014-9680 | 2.1 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
|
05-01-2018 - 02:29 | 24-04-2017 - 06:59 | |
| CVE-2013-2777 | 4.4 |
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vect
|
29-08-2017 - 01:33 | 08-04-2013 - 17:55 | |
| CVE-2013-1776 | 4.4 |
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via
|
29-08-2017 - 01:33 | 08-04-2013 - 17:55 | |
| CVE-2016-7091 | 4.9 |
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted
|
23-12-2016 - 18:17 | 22-12-2016 - 21:59 | |
| CVE-2013-0287 | 4.9 |
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended
|
15-05-2013 - 03:34 | 21-03-2013 - 16:55 |