Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2019-18684
Sudo up to and including 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "AL...
Sudo Project Sudo
NA
CVE-2023-27320
Sudo prior to 1.9.13p2 has a double free in the per-command chroot feature.
Sudo Project Sudo 1.9.13
Sudo Project Sudo
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.2
CVSSv2
CVE-1999-0958
sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.
Todd Miller Sudo 1.5.2
Todd Miller Sudo 1.5.3
Todd Miller Sudo 1.5
1 Github repository
NA
CVE-2023-22809
In Sudo prior to 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local malicious user to append arbitrary entries to the list of files to process. This can lead to p...
Sudo Project Sudo 1.9.12
Sudo Project Sudo
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Macos
11 Github repositories
7.2
CVSSv2
CVE-2002-0184
Sudo prior to 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
Sudo Project Sudo
Debian Debian Linux 2.2
1 EDB exploit
NA
CVE-2023-28486
Sudo prior to 1.9.13 does not escape control characters in log messages.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
NA
CVE-2023-28487
Sudo prior to 1.9.13 does not escape control characters in sudoreplay output.
Sudo Project Sudo
Netapp Active Iq Unified Manager -
NA
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the u...
Memorysafety Sudo
4.4
CVSSv2
CVE-2021-23240
selinux_edit_copy_tfiles in sudoedit in Sudo prior to 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines wit...
Sudo Project Sudo
Netapp Solidfire -
Netapp Hci Management Node -
Fedoraproject Fedora 32
Fedoraproject Fedora 33
4.6
CVSSv2
CVE-2019-18634
In Sudo prior to 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages...
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
26 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »