CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 7 |
High |
||
Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 |
Medium |
||
Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 |
Medium |
||
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 |
High |