Known Vulnerabilities for products from Sudo Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sudo Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-42465 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7 - HIGH | 2023-12-22 | 2024-01-28 |
| CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 - MEDIUM | 2023-03-16 | 2024-02-03 |
| CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 - MEDIUM | 2023-03-16 | 2024-02-03 |
| CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 - HIGH | 2023-02-28 | 2023-11-07 |
| CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment var... | 7.8 - HIGH | 2023-01-18 | 2023-11-17 |
| CVE-2023-7090 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment var... | 8.8 - HIGH | 2023-12-23 | 2024-02-03 |
| CVE-2022-43995 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds er... | 7.1 - HIGH | 2022-11-02 | 2022-12-06 |
| CVE-2021-23240 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalat... | 7.8 - HIGH | 2021-01-12 | 2023-11-07 |
| CVE-2021-23239 | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence te... | 2.5 - LOW | 2021-01-12 | 2023-11-07 |
| CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege esca... | 7.8 - HIGH | 2021-01-26 | 2024-02-04 |
| CVE-2019-18684 | ** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of t... | 7 - HIGH | 2019-11-04 | 2023-11-07 |
| CVE-2019-18634 | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privi... | 7.8 - HIGH | 2020-01-29 | 2023-11-07 |
| CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session... | 8.8 - HIGH | 2019-10-17 | 2023-11-07 |
| CVE-2017-1000368 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_t... | 8.2 - HIGH | 2017-06-05 | 2019-05-29 |
| CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyna... | 6.4 - MEDIUM | 2017-06-05 | 2023-11-07 |
| CVE-2016-7076 | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wo... | 7.8 - HIGH | 2018-05-29 | 2023-11-07 |
| CVE-2015-8239 | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the ... | 7 - HIGH | 2017-10-10 | 2017-11-05 |
| CVE-2015-5602 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is define... | 7.2 - HIGH | 2015-11-17 | 2016-12-07 |
| CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local us... | 3.3 - LOW | 2017-04-24 | 2018-01-05 |
| CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user s... | 7.8 - HIGH | 2019-11-04 | 2020-08-18 |
Known software with vulnerabilities from Sudo Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sudo Project | Sudo | 1.3.0 |