Max CVSS 9.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-19232 5.0
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulne
05-08-2024 - 02:16 19-12-2019 - 21:15
CVE-2019-3811 2.7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac
29-05-2023 - 17:15 15-01-2019 - 15:29
CVE-2018-16838 5.5
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
29-05-2023 - 17:15 25-03-2019 - 18:29
CVE-2013-0220 5.0
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4
13-02-2023 - 04:38 24-02-2013 - 19:55
CVE-2017-1000367 6.9
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
22-12-2022 - 22:15 05-06-2017 - 14:29
CVE-2019-14287 9.0
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r
18-04-2022 - 15:45 17-10-2019 - 18:15
CVE-2016-7076 7.2
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
30-09-2020 - 18:15 29-05-2018 - 13:29
CVE-2019-18634 4.6
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upst
07-02-2020 - 17:15 29-01-2020 - 18:15
CVE-2018-10852 5.0
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
09-10-2019 - 23:33 26-06-2018 - 14:29
CVE-2017-12173 4.0
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi
09-10-2019 - 23:22 27-07-2018 - 16:29
CVE-2017-1000368 7.2
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
29-05-2019 - 19:29 05-06-2017 - 16:29
CVE-2016-7076 7.2
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
06-05-2019 - 21:29 29-05-2018 - 13:29
CVE-2014-9680 2.1
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
05-01-2018 - 02:29 24-04-2017 - 06:59
CVE-2013-2777 4.4
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vect
29-08-2017 - 01:33 08-04-2013 - 17:55
CVE-2013-1776 4.4
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via
29-08-2017 - 01:33 08-04-2013 - 17:55
CVE-2016-7091 4.9
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted
23-12-2016 - 18:17 22-12-2016 - 21:59
CVE-2013-0287 4.9
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended
15-05-2013 - 03:34 21-03-2013 - 16:55
Back to Top Mark selected
Back to Top