Sudo_project Sudo
6 CVEs affecting Sudo_project Sudo. Latest disclosed: 2026-04-03. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-1000368 | High | 8.2 | 2017-06-05 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in inf… |
CVE-2026-35535 | High | 7.4 | 2026-04-03 | In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal er… |
CVE-2015-8239 | High | 7.0 | 2017-10-10 | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them bef… |
CVE-2017-1000367 | Medium | 6.4 | 2017-06-05 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in informa… |
CVE-2014-9680 | Low | 3.3 | 2017-04-24 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for re… |
CVE-2015-5602 | | 2015-11-17 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc… |