Search Results (Refine Search)
- CPE Product Version: cpe:/a:sudo_project:sudo:1.8.3:p2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9680 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. Published: April 24, 2017; 2:59:00 AM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |