VYPR
Vendor: Gratisoft

Products: 1
CVEs: 8
Across products: 8
Status: Private

Recent CVEs (8)

  • CVE-2009-0034 | High | Jan 30, 2009
    risk 0.51 | cvss 7.8 | epss 0.00

    parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via…

  • CVE-2002-0184 | High | May 16, 2002
    risk 0.47 | cvss 7.8 | epss 0.01

    Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

  • CVE-2021-3156 | KEV | Jan 26, 2021
    risk 0.22 | cvss | epss 0.99

    Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

  • CVE-2023-22809 | Jan 18, 2023
    risk 0.07 | cvss | epss 0.55

    In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to…

  • CVE-2001-0279 | May 3, 2001
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

  • CVE-2023-42465 | Dec 22, 2023
    risk 0.00 | cvss | epss 0.01

    Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

  • CVE-2022-43995 | Nov 2, 2022
    risk 0.00 | cvss | epss 0.00

    Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven…

  • CVE-1999-0958 | Jan 12, 1998
    risk 0.00 | cvss | epss 0.00

    sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.