Vulnerabilities > Sudo Project > Sudo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-28486 | Improper Encoding or Escaping of Output vulnerability in multiple products Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 |
| 2023-03-16 | CVE-2023-28487 | Improper Encoding or Escaping of Output vulnerability in multiple products Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 |
| 2017-10-10 | CVE-2015-8239 | Race Condition vulnerability in Sudo Project Sudo The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | 6.9 |
| 2017-06-05 | CVE-2017-1000367 | Race Condition vulnerability in Sudo Project Sudo Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 6.4 |