Lucene search
K

37 matches found

OSV
OSV
added 2024/09/13 2:40 p.m.21 views

RHSA-2017:1574 Red Hat Security Advisory: sudo security update

Bulletin has no description...

7.3CVSS7AI score0.08018EPSS
Exploits8References10
OSV
OSV
added 2024/03/07 9:33 a.m.8 views

SUSE-SU-2024:0794-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks bsc1219026...

7CVSS6.7AI score0.00541EPSS
Exploits1References4
OSV
OSV
added 2023/04/11 2:19 p.m.3 views

USN-6005-1 sudo vulnerabilities

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...

5.3CVSS6.4AI score0.00953EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/11/03 7:55 p.m.55 views

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

7.1CVSS3.5AI score0.00271EPSS
Exploits0References4
OSV
OSV
added 2021/01/27 9:29 a.m.11 views

SUSE-SU-2021:0232-1 Security update for sudo

This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges bsc1181090,CVE-2021-3156 - It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit...

7.8CVSS6.6AI score0.99295EPSS
Exploits82References5
NCSC
NCSC
added 2021/01/27 12:0 a.m.4 views

Vulnerabilities fixed in sudo

Several vulnerabilities have been fixed in sudo. A local malicious party can, by exploiting these vulnerabilities, gain gain root privileges on the vulnerable system. The developers of sudo have released updates to fix the vulnerability marked CVE-2021-3156 in version 1.9.5p2. The vulnerabilities...

7.8CVSS8.7AI score0.99295EPSS
Exploits83
Tenable Nessus
Tenable Nessus
added 2021/01/27 12:0 a.m.52 views

Fedora 32 : sudo (2021-8840cbdccd)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8840cbdccd advisory. - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via...

7.8CVSS7.2AI score0.99295EPSS
Exploits82References2
OSV
OSV
added 2021/01/17 4:7 p.m.11 views

MGASA-2021-0042 Updated sudo packages fix security vulnerabilities

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239. selinuxeditcopytfiles in sudoedit in...

7.8CVSS5.8AI score0.01066EPSS
Exploits2References4
OSV
OSV
added 2019/10/17 8:21 a.m.7 views

OPENSUSE-SU-2019:2333-1 Security update for sudo

This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674. This update was imported from the...

9CVSS8.8AI score0.63917EPSS
Exploits10References3
Cloud Foundry
Cloud Foundry
added 2019/05/20 12:0 a.m.106 views

USN-3968-1: Sudo vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and...

8.2CVSS7.7AI score0.00573EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/07 12:0 a.m.29 views

Ubuntu 16.04 LTS : Sudo vulnerabilities (USN-3968-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3968-1 advisory. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...

8.2CVSS7.5AI score0.00573EPSS
Exploits0References3
OSV
OSV
added 2016/11/23 2:33 p.m.6 views

SUSE-SU-2016:2893-1 Security update for sudo

This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system and popen CVE-2016-7032, bsc1007766 noexec bypass via wordexp CVE-2016-7076, bsc1007501...

7.8CVSS7.4AI score0.00493EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.8 views

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the sudo package of the Gentoo Linux operating system up to version 1.7.2p4 can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

6.9CVSS7.2AI score0.01125EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2013/04/08 5:55 p.m.11 views

CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ttytickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...

6.3AI score0.0037EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2009/01/30 12:0 a.m.4 views

PT-2009-1078 · Sudo +1 · Sudo +1

Name of the Vulnerable Software and Affected Versions: sudo versions 1.6.9p17 through 1.6.9p19 Description: The issue concerns the improper interpretation of a system group in the sudoers file during authorization decisions for users belonging to that group. This allows local users to leverage an...

7.8CVSS7.7AI score0.00406EPSS
Exploits1References29
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.22 views

Debian Security Advisory DSA 596-2 (sudo)

The remote host is missing an update to sudo announced via advisory DSA 596-2. OpenVAS Vulnerability Test $Id: deb5962.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 596-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.2CVSS0.6AI score0.01374EPSS
Exploits0
CVE
CVE
added 2000/04/18 4:0 a.m.53 views

CVE-1999-0958

Technical details about CVE-1999-0958 are not publicly provided in the connected documents. The available sources reiterate the arbitrary command execution via sudo 1.5.x. Monitor for updates.

7.2CVSS7.9AI score0.00436EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder