) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- CPE Product Version: cpe:/a:sudo_project:sudo:1.8.9:p2
There are 2 matching records.
Displaying matches 1 through 2.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-8239 |
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Published: October 10, 2017; 12:29:00 PM -0400 |
V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
| CVE-2014-9680 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. Published: April 24, 2017; 2:59:00 AM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |