Vulnerabilities > Sudo Project > Sudo > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-17 CVE-2019-14287 Improper Handling of Exceptional Conditions vulnerability in multiple products
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID.
8.8
2018-05-29 CVE-2016-7076 Command Injection vulnerability in Sudo Project Sudo
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument.
local
low complexity
sudo-project CWE-77
7.8
2017-06-05 CVE-2017-1000368 Improper Input Validation vulnerability in Sudo Project Sudo
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
local
low complexity
sudo-project CWE-20
7.2
2015-11-17 CVE-2015-5602 Permissions, Privileges, and Access Controls vulnerability in Sudo Project Sudo
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
local
low complexity
sudo-project CWE-264
7.2
2002-05-16 CVE-2002-0184 Incorrect Calculation of Buffer Size vulnerability in multiple products
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
local
low complexity
sudo-project debian CWE-131
7.8