Lucene search
+L

4 matches found

CVE
CVE
added 2017/06/05 4:0 p.m.323 views

CVE-2017-1000368

CVE-2017-1000368 affects Todd Miller’s sudo prior to 1.8.20p1 and earlier, due to input validation in get_process_ttyname() that parses /proc data. This can enable information disclosure and command execution via a local user with sudo privileges. Connected advisories show multiple distributions ...

8.2CVSS7.6AI score0.00573EPSS
CVE
CVE
added 2017/06/05 12:0 a.m.305 views

CVE-2017-1000367

CVE-2017-1000367 affects sudo versions up to and including 1.8.20 and earlier, due to input validation issues in get_process_ttyname() that incorrectly parsed tty information from /proc, enabling information disclosure and local privilege escalation. The issue is tied to parsing tty data from the...

6.9CVSS6.8AI score0.08018EPSS
Web
CVE
CVE
added 2017/04/24 6:12 a.m.206 views

CVE-2014-9680

CVE-2014-9680 : sudo before 1.8.12 fails to sanitize the TZ environment variable, allowing a local attacker to bypass restrictions and potentially cause a denial of service or read/open unauthorized files via a sudo session. Connected advisories/docs corroborate local-execution impact and recomme...

3.3CVSS3.8AI score0.0047EPSS
CVE
CVE
added 2017/10/10 4:0 p.m.54 views

CVE-2015-8239

The CVE-2015-8239 issue affects the sudoers plugin in sudo versions after 1.8.7. The root cause is the SHA-2 digest support in the sudoers plugin, which allows local users with write permissions to parts of the called command to replace them before execution. Reported impacts indicate that a loca...

7CVSS6.6AI score0.00542EPSS