Vulnerabilities > Sudo Project > Sudo > 1.6.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-05 | CVE-2017-1000368 | Improper Input Validation vulnerability in Sudo Project Sudo Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 8.2 |
| 2017-06-05 | CVE-2017-1000367 | Race Condition vulnerability in Sudo Project Sudo Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 6.4 |
| 2017-04-24 | CVE-2014-9680 | Information Exposure vulnerability in Sudo Project Sudo sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | 3.3 |