Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project sudo vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-22809
In Sudo prior to 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local malicious user to append arbitrary entries to the list of files to process. This can lead to p...
Sudo Project Sudo 1.9.12
Sudo Project Sudo
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Macos
11 Github repositories
NA
CVE-2013-2777
sudo prior to 1.7.10p5 and 1.8.x prior to 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session w...
Apple Mac Os X
Todd Miller Sudo 1.7.9p1
Todd Miller Sudo 1.7.9
Todd Miller Sudo 1.7.6
Todd Miller Sudo 1.7.5
Todd Miller Sudo 1.7.4p6
Todd Miller Sudo 1.7.3b1
Todd Miller Sudo 1.7.2p7
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.6.4
Todd Miller Sudo 1.7.10
Todd Miller Sudo 1.7.6p2
Todd Miller Sudo 1.7.6p1
Todd Miller Sudo 1.7.4p1
Todd Miller Sudo 1.7.4p4
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.7.2p1
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.6.9p21
Todd Miller Sudo 1.6.7p5
Todd Miller Sudo 1.6.8p12
Todd Miller Sudo 1.7.10p1
7.8
CVSSv3
CVE-2002-0184
Sudo prior to 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
Sudo Project Sudo
Debian Debian Linux 2.2
1 EDB exploit
NA
CVE-2013-2776
sudo 1.3.5 up to and including 1.7.10p5 and 1.8.0 up to and including 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissi...
Todd Miller Sudo 1.7.8p1
Todd Miller Sudo 1.7.8
Todd Miller Sudo 1.7.4p3
Todd Miller Sudo 1.7.4
Todd Miller Sudo 1.7.2p4
Todd Miller Sudo 1.7.7
Todd Miller Sudo 1.7.6p2
Todd Miller Sudo 1.7.4p1
Todd Miller Sudo 1.7.4p4
Todd Miller Sudo 1.7.2p3
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.6.4p2
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.6.7p5
Todd Miller Sudo 1.6.8p12
Todd Miller Sudo 1.3.5
Todd Miller Sudo 1.7.10
Todd Miller Sudo 1.7.2p2
Todd Miller Sudo 1.6.9p23
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.9p22
Todd Miller Sudo 1.6.2p3
NA
CVE-2013-1775
sudo 1.6.0 up to and including 1.7.10p6 and sudo 1.8.0 up to and including 1.8.6p6 allows local users or physically proximate malicious users to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp t...
Todd Miller Sudo 1.6.9p21
Todd Miller Sudo 1.6.7p5
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.9p22
Todd Miller Sudo 1.6.2p3
Todd Miller Sudo 1.6.4
Todd Miller Sudo 1.6.8p12
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.9p23
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.9
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4p2
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.8.1p2
Todd Miller Sudo 1.8.2
Todd Miller Sudo 1.8.4p3
2 EDB exploits
1 Github repository
NA
CVE-2010-0427
sudo 1.6.x prior to 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.7 P5
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.9 P17
Todd Miller Sudo 1.6.9 P19
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.8 P9
Todd Miller Sudo 1.6.9 P18
Todd Miller Sudo 1.6.3 P6
NA
CVE-2010-0426
sudo 1.6.x prior to 1.6.9p21 and 1.7.x prior to 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable fil...
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.8 P2
Todd Miller Sudo 1.6.8 P5
Todd Miller Sudo 1.7.0
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.8 P7
Todd Miller Sudo 1.6.8 P8
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.7.2p1
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.7 P5
Todd Miller Sudo 1.6.8 P1
3 Github repositories
5.3
CVSSv3
CVE-2023-28486
Sudo prior to 1.9.13 does not escape control characters in log messages.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
5.3
CVSSv3
CVE-2023-28487
Sudo prior to 1.9.13 does not escape control characters in sudoreplay output.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
7.8
CVSSv3
CVE-2019-18634
In Sudo prior to 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages...
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
26 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »