Filtered by vendor Sudo Project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23239 | 3 Fedoraproject, Netapp, Sudo Project | 4 Fedora, Hci Management Node, Solidfire and 1 more | 2021-02-10 | 1.9 LOW | 2.5 LOW |
| The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | |||||
| CVE-2014-9680 | 1 Sudo Project | 1 Sudo | 2018-01-05 | 2.1 LOW | 3.3 LOW |
| sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | |||||