) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- CPE Product Version: cpe:/a:sudo_project:sudo:1.8.3:p2
There are 1 matching records.
Displaying matches 1 through 1.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-9680 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. Published: April 24, 2017; 2:59:00 AM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |