Vulnerabilities > Sudo Project > Sudo > 1.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-23 | CVE-2023-7090 | Improper Privilege Management vulnerability in Sudo Project Sudo A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. | 8.8 |
| 2023-12-22 | CVE-2023-42465 | Unspecified vulnerability in Sudo Project Sudo Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 7.0 |
| 2023-03-16 | CVE-2023-28486 | Improper Encoding or Escaping of Output vulnerability in multiple products Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 |
| 2023-03-16 | CVE-2023-28487 | Improper Encoding or Escaping of Output vulnerability in multiple products Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 |
| 2021-01-12 | CVE-2021-23240 | Link Following vulnerability in multiple products selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | 7.8 |
| 2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 2.5 |
| 2019-11-04 | CVE-2005-4890 | Improper Input Validation vulnerability in multiple products There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". | 7.8 |
| 2019-11-04 | CVE-2019-18684 | Race Condition vulnerability in Sudo Project Sudo Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. | 7.0 |
| 2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
| 2017-06-05 | CVE-2017-1000368 | Improper Input Validation vulnerability in Sudo Project Sudo Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 8.2 |