Max CVSS | 9.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-19232 | 5.0 | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulne | 05-08-2024 - 02:16 | 19-12-2019 - 21:15 | |
CVE-2017-1000367 | 6.9 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 22-12-2022 - 22:15 | 05-06-2017 - 14:29 | |
CVE-2019-14287 | 9.0 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r | 18-04-2022 - 15:45 | 17-10-2019 - 18:15 | |
CVE-2016-7076 | 7.2 | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec | 30-09-2020 - 18:15 | 29-05-2018 - 13:29 | |
CVE-2019-18634 | 4.6 | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upst | 07-02-2020 - 17:15 | 29-01-2020 - 18:15 | |
CVE-2017-1000368 | 7.2 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 29-05-2019 - 19:29 | 05-06-2017 - 16:29 | |
CVE-2016-7076 | 7.2 | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec | 06-05-2019 - 21:29 | 29-05-2018 - 13:29 | |
CVE-2014-9680 | 2.1 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo | 05-01-2018 - 02:29 | 24-04-2017 - 06:59 | |
CVE-2013-2777 | 4.4 | sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vect | 29-08-2017 - 01:33 | 08-04-2013 - 17:55 | |
CVE-2013-1776 | 4.4 | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via | 29-08-2017 - 01:33 | 08-04-2013 - 17:55 | |
CVE-2016-7091 | 4.9 | sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted | 23-12-2016 - 18:17 | 22-12-2016 - 21:59 |