Known Vulnerabilities for products from Todd Miller
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Todd Miller".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2016-7032 | sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an a... | 7 - HIGH | 2017-04-14 | 2020-09-30 |
| CVE-2014-0106 | Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restric... | 6.6 - MEDIUM | 2014-03-11 | 2017-12-16 |
| CVE-2013-2777 | sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the control... | 4.4 - MEDIUM | 2013-04-08 | 2017-08-29 |
| CVE-2013-2776 | sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ... | 4.4 - MEDIUM | 2013-04-08 | 2017-08-29 |
| CVE-2013-1776 | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the con... | 4.4 - MEDIUM | 2013-04-08 | 2017-08-29 |
| CVE-2013-1775 | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass int... | 6.9 - MEDIUM | 2013-03-05 | 2016-11-28 |
| CVE-2012-3440 | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files ... | 5.6 - MEDIUM | 2012-08-08 | 2023-02-13 |
| CVE-2012-2337 | sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask sy... | 7.2 - HIGH | 2012-05-18 | 2018-01-05 |
| CVE-2012-0809 | Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary ... | 7.2 - HIGH | 2012-02-01 | 2018-01-05 |
| CVE-2011-0010 | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution tha... | 4.4 - MEDIUM | 2011-01-18 | 2018-01-05 |
| CVE-2011-0008 | A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka... | 6.9 - MEDIUM | 2011-01-20 | 2023-11-07 |
| CVE-2010-2956 | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction wi... | 6.2 - MEDIUM | 2010-09-10 | 2018-10-10 |
| CVE-2010-1646 | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environ... | 6.2 - MEDIUM | 2010-06-07 | 2018-10-10 |
| CVE-2010-1163 | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working ... | 6.9 - MEDIUM | 2010-04-16 | 2018-10-10 |
| CVE-2010-0427 | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows loca... | 4.4 - MEDIUM | 2010-02-25 | 2018-10-10 |
| CVE-2010-0426 | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of th... | 6.9 - MEDIUM | 2010-02-24 | 2018-10-10 |
| CVE-2009-0034 | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during ... | 7.8 - HIGH | 2009-01-30 | 2024-01-12 |
| CVE-2007-4305 | Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local ... | 6.2 - MEDIUM | 2007-08-13 | 2008-09-05 |
| CVE-2007-3149 | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, ... | 7.2 - HIGH | 2007-06-11 | 2020-01-21 |
| CVE-2006-0151 | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain... | Not Provided | 2006-01-09 | 2025-04-03 |
Known software with vulnerabilities from Todd Miller
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Todd Miller | Sudo | 1.6 |