Vulnerabilities > Sudo Project > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
| 2018-05-29 | CVE-2016-7076 | Command Injection vulnerability in Sudo Project Sudo sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. | 7.8 |
| 2017-10-10 | CVE-2015-8239 | Race Condition vulnerability in Sudo Project Sudo The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | 7.0 |
| 2017-06-05 | CVE-2017-1000368 | Improper Input Validation vulnerability in Sudo Project Sudo Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 8.2 |
| 2002-05-16 | CVE-2002-0184 | Incorrect Calculation of Buffer Size vulnerability in multiple products Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. | 7.8 |