Skip to main content

Sudo

34 CVEs product

Monthly

CVE-2026-35535 HIGH POC PATCH CISA Act Now

Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.

Privilege Escalation Sudo
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2025-32463 CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian Leap Linux Enterprise Desktop +8
NVD Exploit-DB
CVSS 3.1
9.3
EPSS
26.5%
Threat
5.7
CVE-2025-32462 HIGH POC PATCH THREAT Act Now

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Authentication Bypass Sudo
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
17.4%
CVE-2025-46718 Cargo LOW POC PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-46717 Cargo LOW POC PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-7090 HIGH PATCH This Week

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Sudo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-42465 HIGH POC PATCH This Week

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Authentication Bypass Sudo
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-42456 Cargo LOW PATCH Monitor

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every. Rated low severity (CVSS 3.3). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sudo
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-28487 MEDIUM PATCH This Month

Sudo before 1.9.13 does not escape control characters in sudoreplay output. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sudo Active Iq Unified Manager
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-28486 MEDIUM PATCH This Month

Sudo before 1.9.13 does not escape control characters in log messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sudo Active Iq Unified Manager
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-27320 HIGH POC This Week

Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo Fedora
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-22809 HIGH POC THREAT Act Now

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Debian Linux Fedora macOS
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
55.4%
CVE-2022-43995 HIGH PATCH This Week

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Sudo
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-3156 HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo Fedora Debian Linux +21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
99.3%
CVE-2021-23240 HIGH POC This Week

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Hci Management Node Solidfire Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-23239 LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup Hci Management Node Solidfire +2
NVD
CVSS 3.1
2.5
EPSS
1.0%
CVE-2019-19234 HIGH This Week

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the !. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-19232 HIGH This Week

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18684 HIGH POC This Week

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sudo
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-14287 HIGH POC PATCH THREAT This Week

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sudo Fedora Debian Linux Leap +11
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
63.9%
CVE-2015-8239 HIGH PATCH This Week

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Sudo
NVD
CVSS 3.0
7.0
EPSS
0.9%
CVE-2017-1000368 HIGH This Week

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-1000367 MEDIUM POC THREAT This Month

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Rated medium severity (CVSS 6.4). Public exploit code available and EPSS exploitation probability 19.9%.

Race Condition Information Disclosure Sudo
NVD Exploit-DB
CVSS 3.0
6.4
EPSS
19.9%
CVE-2014-9680 LOW POC Monitor

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2016-7032 HIGH This Week

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Sudo
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-5602 HIGH POC This Week

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
5.5%
CVE-2014-0106 MEDIUM PATCH This Month

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended. Rated medium severity (CVSS 6.6).

Authentication Bypass Mac Os X Sudo
NVD VulDB
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-2777 MEDIUM This Month

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Mac Os X Sudo
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-2776 MEDIUM This Month

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Sudo Mac Os X
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-1776 MEDIUM This Month

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Mac Os X Sudo
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-1775 MEDIUM POC This Month

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Mac Os X
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
8.1%
CVE-2012-3440 MEDIUM POC This Month

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Sudo Enterprise Linux
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2012-2337 HIGH This Week

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sudo
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-0809 HIGH POC THREAT Act Now

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

RCE Sudo
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
45.6%
Threat
4.3
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.

Privilege Escalation Sudo
NVD GitHub VulDB
EPSS 27% 5.7 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian +10
NVD Exploit-DB
EPSS 17% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Authentication Bypass Sudo
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Sudo
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Authentication Bypass Sudo
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every. Rated low severity (CVSS 3.3). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sudo
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Sudo before 1.9.13 does not escape control characters in sudoreplay output. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sudo Active Iq Unified Manager
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Sudo before 1.9.13 does not escape control characters in log messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sudo Active Iq Unified Manager
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo Fedora
NVD
EPSS 55% CVSS 7.8
HIGH POC THREAT Act Now

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Debian Linux +2
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Sudo
NVD GitHub
EPSS 99% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo +23
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC This Week

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Hci Management Node +2
NVD
EPSS 1% CVSS 2.5
LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup +4
NVD
EPSS 3% CVSS 7.5
HIGH This Week

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the !. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
EPSS 3% CVSS 7.5
HIGH This Week

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sudo
NVD GitHub
EPSS 64% CVSS 8.8
HIGH POC PATCH THREAT This Week

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sudo Fedora +13
NVD Exploit-DB
EPSS 1% CVSS 7.0
HIGH PATCH This Week

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Sudo
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
EPSS 20% CVSS 6.4
MEDIUM POC THREAT This Month

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Rated medium severity (CVSS 6.4). Public exploit code available and EPSS exploitation probability 19.9%.

Race Condition Information Disclosure Sudo
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW POC Monitor

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo
NVD
EPSS 0% CVSS 7.0
HIGH This Week

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Sudo
NVD
EPSS 6% CVSS 7.2
HIGH POC This Week

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo
NVD Exploit-DB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended. Rated medium severity (CVSS 6.6).

Authentication Bypass Mac Os X Sudo
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Mac Os X Sudo
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Sudo Mac Os X
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Mac Os X Sudo
NVD
EPSS 8% CVSS 6.9
MEDIUM POC This Month

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Mac Os X
NVD Exploit-DB
EPSS 0% CVSS 5.6
MEDIUM POC This Month

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Sudo +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sudo
NVD
EPSS 46% 4.3 CVSS 7.2
HIGH POC THREAT Act Now

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

RCE Sudo
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy