CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 7 |
Haute |
||
Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 |
Moyen |
||
Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 |
Moyen |
||
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 |
Haute |