13 matches found

Github Security Blog
added 2025/11/13 3:36 p.m., 10 views

sudo-rs doesn't record authenticating user properly in timestamp

Summary: When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

CVSS 4.4, AI score 7.1, EPSS 0.00024
Exploits 0, References 5, Affected Software 1
OSV
added 2025/11/13 3:36 p.m., 1 view

GHSA-Q428-6V73-FC4Q sudo-rs doesn't record authenticating user properly in timestamp

Summary: When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

CVSS 4.4, AI score 7.3, EPSS 0.00024
Exploits 0, References 5
UbuntuCve
added 2025/11/12 10:15 p.m., 1 view

CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVSS 4.4, AI score 5.9, EPSS 0.00024
Exploits 0, References 3
OSV
added 2025/11/12 10:15 p.m., 1 view

UBUNTU-CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVSS 4.4, AI score 5.9, EPSS 0.00024
Exploits 0, References 4
Vulnrichment
added 2025/11/12 10:8 p.m., 1 view

CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVSS 4.4, AI score 7, EPSS 0.00024
Exploits 0, References 3
CVE
added 2025/11/12 10:8 p.m., 7 views

CVE-2025-64517

sudo-rs (Rust implementation of sudo) is affected by CVE-2025-64517. Versions prior to 0.2.10 incorrectly recorded the invoking user’s UID in the authentication timestamp when Defaults targetpw/rootpw are enabled, which could allow a highly-privileged user to run commands as other accounts using ...

CVSS 4.4, AI score 6.6, EPSS 0.00024
Exploits 0, References 3
OSV
added 2025/11/12 10:8 p.m., 2 views

CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVSS 4.4, AI score 7, EPSS 0.00024
Exploits 0, References 5
Debian
added 2025/11/11 7:23 p.m., 3 views

[SECURITY] [DSA 6052-1] rust-sudo-rs security update

Debian Security Advisory DSA-6052-1, https://www.debian.org/security/, Moritz Muehlenhoff, November 11, 2025, https://www.debian.org/security/faq ...

AI score 6.9
Exploits 0
Ubuntu
added 2025/11/10 6:52 p.m., 2 views

USN-7867-1: sudo-rs vulnerabilities

It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations. It was discovered that sudo-rs incorrectly handled the targetpw and...

AI score 5.5
Exploits 0, References 1
NVD
added 2008/05/12 5:20 p.m., 12 views

CVE-2008-2139

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the...

CVSS 6.5, AI score 6.7, EPSS 0.00097
Exploits 0, References 3
Prion
added 2008/05/12 5:20 p.m., 12 views

Design/Logic Flaw

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the...

CVSS 6.5, AI score 7.2, EPSS 0.00097
Exploits 0, References 3, Affected Software 1
Cvelist
added 2008/05/12 5:0 p.m., 15 views

CVE-2008-2139

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the...

AI score 6.7, EPSS 0.00097
Exploits 0, References 3
CVE
added 2008/05/12 5:0 p.m., 39 views

CVE-2008-2139

The CVE-2008-2139 entry concerns the rootpw plugin in rPath Appliance Platform Agent 2 and 3, where requests from a browser with a valid administrator session are not re-validated (including password-change requests). This weakens session handling and can allow physically proximate attackers to g...

CVSS 6.5, AI score 6.7, EPSS 0.00097
Exploits 0, References 3, Affected Software 1