CVE-2025-32462
- EPSS 17.4%
- Veröffentlicht 30.06.2025 00:00:00
- Zuletzt bearbeitet 03.11.2025 20:18:27
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
CVE-2025-32463
- EPSS 23.09%
- Veröffentlicht 30.06.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 19:26:48
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVE-2019-19232
- EPSS 2.87%
- Veröffentlicht 19.12.2019 21:15:13
- Zuletzt bearbeitet 21.11.2024 04:34:23
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulne...
CVE-2019-19234
- EPSS 4.08%
- Veröffentlicht 19.12.2019 21:15:13
- Zuletzt bearbeitet 21.11.2024 04:34:23
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blo...