pkg:Debian/sudo

All known vulnerabilities

• HIGH7.8CVE-2025-32463⚠ KEVSudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
  from 0, < 1.9.16p2-3
• HIGH7.8CVE-2021-3156⚠ KEVsudo - security update
  from 0, < 1.8.19p1-2.1+deb9u3
• HIGH7.8⚠ KEVsudo - security update
  from 0, < 1.8.27-1+deb10u3
• HIGH7.8⚠ KEVsudo - security update
  from 0, < 1.9.5p1-1.1
• HIGH8.8sudo - security update
  from 0, < 1.9.13p3-1+deb12u2
• HIGH8.8sudo - security update
  from 0, < 1.9.5p2-3+deb11u2
• HIGH8.8sudo - security update
  from 0, < 1.9.5p2-3+deb11u2
• HIGH8.8A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo.
  from 0, < 1.8.28p1-1
• HIGH8.8sudo - security update
  from 0, < 1.8.10p3-1+deb8u6
• HIGH8.8sudo - security update
  from 0, < 1.8.19p1-2.1+deb9u1
• HIGH8.8sudo - security update
  from 0, < 1.8.27-1.1
• HIGH8.2sudo - security update
  from 0, < 1.8.20p1-1.1
• HIGH8.2sudo - security update
  from 0, < 1.8.5p2-1+nmu3+deb7u4
• HIGH7.8sudo - security update
  from 0, < 1.8.27-1+deb10u5
• HIGH7.8sudo - security update
  from 0, < 1.9.5p2-3+deb11u1
• HIGH7.8sudo - security update
  from 0, < 1.9.5p2-3+deb11u1
• HIGH7.8selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges b…
  from 0, < 1.9.5-1
• HIGH7.8sudo - security update
  from 0, < 1.8.10p3-1+deb8u7
• HIGH7.8sudo - security update
  from 0, < 1.8.19p1-2.1+deb9u2
• HIGH7.8sudo - security update
  from 0, < 1.8.31-1
• HIGH7.8There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program".
  from 0, < 1.7.4p4
• HIGH7.8sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C libr…
  from 0, < 1.8.18p1-1
• HIGH7.8parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization…
  from 0, < 1.6.9p17-2
• HIGH7.5In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash…
  from 0, < 1.8.31-1
• HIGH7.5In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a nu…
  from 0, < 1.8.31-1
• HIGH7.4In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the maile…
  from 0
• HIGH7.2Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
  from 0, < 1.9.13p3-1
• HIGH7.1Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can r…
  from 0
• HIGH7.0Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes i…
  from 0
• HIGH7.0The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command…
  from 0, < 1.8.17p1-1
• HIGH7.0sudo - security update
  from 0, < 1.8.5p2-1+nmu3+deb7u2
• HIGH7.0sudo - security update
  from 0, < 1.8.15-1
• MEDIUM6.4sudo - security update
  from 0, < 1.8.20p1-1
• MEDIUM6.4sudo - security update
  from 0, < 1.8.10p3-1+deb8u4
• MEDIUM6.4sudo - security update
  from 0, < 1.8.5p2-1+nmu3+deb7u3
• MEDIUM5.3Sudo before 1.9.13 does not escape control characters in sudoreplay output.
  from 0, < 1.9.5p2-3+deb11u3
• MEDIUM5.3sudo - security update
  from 0, < 1.8.27-1+deb10u6
• MEDIUM5.3sudo - security update
  from 0, < 1.9.5p2-3+deb11u3
• MEDIUM5.3sudo - security update
  from 0, < 1.9.5p2-3+deb11u3
• LOW3.3sudo - security update
  from 0, < 1.8.12-1
• LOW3.3sudo - security update
  from 0, < 1.8.5p2-1+nmu2
• LOW2.5sudo - security update
  from 0, < 1.8.27-1+deb10u4
• LOW2.5sudo - security update
  from 0, < 1.9.5-1
• —sudo - security update
  from 0, < 1.8.15-1.1
• —sudo - security update
  from 0, < 1.8.5p2-1+nmu3+deb7u1
• —sudo - security update
  from 0, < 1.7.4p4-2.squeeze.6
• —sudo - security update
  from 0, < 1.7.4p4-2.squeeze.5
• —sudo - security update
  from 0, < 1.8.5p2-1
• —sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal…
  from 0, < 1.8.5p2-1+nmu1
• —sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets op…
  from 0, < 1.8.5p2-1+nmu1
• —sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling termi…
  from 0, < 1.8.5p2-1+nmu1
• —sudo - several issues
  from 0, < 1.8.5p2-1+nmu1
• —sudo - several issues
  from 0, < 1.7.4p4-2.squeeze.4
• —sudo - parsing error
  from 0, < 1.7.4p4-2.squeeze.3
• —sudo - parsing error
  from 0, < 1.8.3p2-1.1
• —Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via forma…
  from 0, < 1.8.3p2-1
• —check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a g…
  from 0, < 1.7.4p4-6
• —Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g opti…
  from 0, < 1.7.4p4-1
• —sudo - environment sanitization bypass
  from 0, < 1.6.9p17-3
• —sudo - environment sanitization bypass
  from 0, < 1.7.2p7-1
• —The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has…
  from 0, < 1.7.2p6-1
• —sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gai…
  from 0, < 1.7.0-1
• —sudo - several vulnerabilities
  from 0, < 1.7.2p1-1.2
• —sudo - several vulnerabilities
  from 0, < 1.6.9p17-2+lenny1
• —sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a passwor…
  from 0, < 1.6.9p12-1
• —sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges vi…
  from 0, < 1.6.8p12-1
• —sudo - missing input sanitising
  from 0, < 1.6.6-1.6
• —sudo - missing input sanitising
  from 0, < 1.6.8p12-1
• —sudo - missing input sanitising
  from 0, < 1.6.6-1.4
• —sudo - missing input sanitising
  from 0, < 1.6.8p9-3
• —sudo - pathname validation race
  from 0, < 1.6.8p9-1
• —sudo - pathname validation race
  from 0, < 1.6.6-1.3woody1
• —sudo - pathname validation race
  from 0, < 1.6.6-1.3woody1
• —Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
  from 0
• —sudo - missing input sanitising
  from 0, < 1.6.6-1.3
• —sudo - missing input sanitising
  from 0, < 1.6.8p3-1
• —sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a sy…
  from 0, < 1.6.8p3-1