Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1036716?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1036716?format=api", "purl": "pkg:deb/debian/sudo@1.8.10p3-1%2Bdeb8u5", "type": "deb", "namespace": "debian", "name": "sudo", "version": "1.8.10p3-1+deb8u5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.9.13p3-1+deb12u4", "latest_non_vulnerable_version": "1.9.17p2-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31219?format=api", "vulnerability_id": "VCID-1cuy-x9m9-p3c4", "summary": "Multiple vulnerabilities have been found in sudo, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92201", "scoring_system": "epss", "scoring_elements": "0.99718", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.92309", "scoring_system": "epss", "scoring_elements": "0.99721", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.92309", "scoring_system": "epss", "scoring_elements": "0.99722", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.92309", "scoring_system": "epss", "scoring_elements": "0.9972", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92456", "scoring_system": "epss", "scoring_elements": "0.99737", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.92483", "scoring_system": "epss", "scoring_elements": "0.99733", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.92483", "scoring_system": "epss", "scoring_elements": "0.99732", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92483", "scoring_system": "epss", "scoring_elements": "0.9973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.92533", "scoring_system": "epss", "scoring_elements": "0.99742", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.92533", "scoring_system": "epss", "scoring_elements": "0.99743", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.92533", "scoring_system": "epss", "scoring_elements": "0.99744", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/01/27/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/15/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917684", "reference_id": "1917684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917684" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/01/27/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Feb/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Feb/3" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2021/01/26/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/01/26/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Feb/42", "reference_id": "42", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Feb/42" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/30/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jan/79", "reference_id": "79", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Jan/79" }, { "reference_url": "https://www.kb.cert.org/vuls/id/794544", "reference_id": "794544", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.kb.cert.org/vuls/id/794544" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/30/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" }, { "reference_url": "https://security.archlinux.org/ASA-202101-25", "reference_id": "ASA-202101-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-25" }, { "reference_url": "https://security.archlinux.org/AVG-1431", "reference_id": "AVG-1431", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1431" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/", "reference_id": "CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM", "reference_id": "cisco-sa-sudo-privesc-jan2021-qnYQfcM", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49521.py", "reference_id": "CVE-2021-3156", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49521.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49522.c", "reference_id": "CVE-2021-3156", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49522.c" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4839", "reference_id": "dsa-4839", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4839" }, { "reference_url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", "reference_id": "glibc-syslog-Heap-Based-Buffer-Overflow.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html" }, { "reference_url": "https://security.gentoo.org/glsa/202101-33", "reference_id": "GLSA-202101-33", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://security.gentoo.org/glsa/202101-33" }, { "reference_url": "https://support.apple.com/kb/HT212177", "reference_id": "HT212177", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://support.apple.com/kb/HT212177" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10348", "reference_id": "index?page=content&id=SB10348", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10348" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/", "reference_id": "LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210128-0001/", "reference_id": "ntap-20210128-0001", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210128-0001/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210128-0002/", "reference_id": "ntap-20210128-0002", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210128-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0218", "reference_id": "RHSA-2021:0218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0219", "reference_id": "RHSA-2021:0219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0220", "reference_id": "RHSA-2021:0220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0221", "reference_id": "RHSA-2021:0221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0222", "reference_id": "RHSA-2021:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0223", "reference_id": "RHSA-2021:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0224", "reference_id": "RHSA-2021:0224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0225", "reference_id": "RHSA-2021:0225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0226", "reference_id": "RHSA-2021:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0227", "reference_id": "RHSA-2021:0227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0395", "reference_id": "RHSA-2021:0395", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0395" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0401", "reference_id": "RHSA-2021:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0401" }, { "reference_url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability", "reference_id": "security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability" }, { "reference_url": "https://www.sudo.ws/stable.html#1.9.5p2", "reference_id": "stable.html#1.9.5p2", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "reference_url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html", "reference_id": "Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html" }, { "reference_url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html", "reference_id": "Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html" }, { "reference_url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html", "reference_id": "Sudo-Buffer-Overflow-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156", "reference_id": "sudoedit-pwned-cve-2021-3156", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156" }, { "reference_url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html", "reference_id": "Sudo-Heap-Based-Buffer-Overflow.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_21_02", "reference_id": "Synology_SA_21_02", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_21_02" }, { "reference_url": "https://usn.ubuntu.com/4705-1/", "reference_id": "USN-4705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4705-1/" }, { "reference_url": "https://usn.ubuntu.com/4705-2/", "reference_id": "USN-4705-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4705-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037908?format=api", "purl": "pkg:deb/debian/sudo@1.8.27-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.27-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2021-3156" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1cuy-x9m9-p3c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49312?format=api", "vulnerability_id": "VCID-3hfe-p6e3-tbe9", "summary": "Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28487.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28487.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.333", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33381", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33339", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33316", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33356", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33332", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33297", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33145", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33129", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33049", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.32932", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33001", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33462", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28487" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179273", "reference_id": "2179273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179273" }, { "reference_url": "https://security.gentoo.org/glsa/202309-12", "reference_id": "GLSA-202309-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0811", "reference_id": "RHSA-2024:0811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://usn.ubuntu.com/6005-1/", "reference_id": "USN-6005-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6005-1/" }, { "reference_url": "https://usn.ubuntu.com/6005-2/", "reference_id": "USN-6005-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6005-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026140?format=api", "purl": "pkg:deb/debian/sudo@1.9.13p3-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.13p3-1%252Bdeb12u3" } ], "aliases": [ "CVE-2023-28487" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hfe-p6e3-tbe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84818?format=api", "vulnerability_id": "VCID-71wy-ujxu-bbfj", "summary": "sudo: noexec bypass via wordexp()", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7076.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22873", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22703", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22731", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22725", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2272", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2262", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23042", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22876", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22948", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23019", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22926", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22941", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22935", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22898", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7076" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181127-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20181127-0002/" }, { "reference_url": "https://www.sudo.ws/alerts/noexec_wordexp.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sudo.ws/alerts/noexec_wordexp.html" }, { "reference_url": "http://www.securityfocus.com/bid/95778", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384982", "reference_id": "1384982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384982" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842507", "reference_id": "842507", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842507" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7076", "reference_id": "CVE-2016-7076", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2872", "reference_id": "RHSA-2016:2872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2872" }, { "reference_url": "https://usn.ubuntu.com/3968-1/", "reference_id": "USN-3968-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3968-1/" }, { "reference_url": "https://usn.ubuntu.com/3968-3/", "reference_id": "USN-3968-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3968-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-7076" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71wy-ujxu-bbfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31218?format=api", "vulnerability_id": "VCID-7w9w-4whw-9bgk", "summary": "Multiple vulnerabilities have been found in sudo, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23240.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23240.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.42958", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43097", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43099", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43017", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.42882", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45239", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45208", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4526", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45254", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45199", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23240" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915053", "reference_id": "1915053", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915053" }, { "reference_url": "https://security.archlinux.org/AVG-1432", "reference_id": "AVG-1432", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1432" }, { "reference_url": "https://security.gentoo.org/glsa/202101-33", "reference_id": "GLSA-202101-33", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1723", "reference_id": "RHSA-2021:1723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2021-23240" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7w9w-4whw-9bgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85458?format=api", "vulnerability_id": "VCID-8r7f-bt93-qqcq", "summary": "sudo: Race condition when checking digests in sudoers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8239.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75414", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75377", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75243", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75246", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75255", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75298", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75308", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75329", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75296", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75336", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75342", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75333", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75368", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75372", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195" }, { "reference_url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64" }, { "reference_url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/11/18/22", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635", "reference_id": "1283635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805563", "reference_id": "805563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805563" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8239", "reference_id": "CVE-2015-8239", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8239" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8239" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8r7f-bt93-qqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59345?format=api", "vulnerability_id": "VCID-9a7y-2e2u-ebbf", "summary": "sudo is vulnerable to an escalation of privileges via a symlink\n attack.", "references": [ { "reference_url": "http://bugzilla.sudo.ws/show_bug.cgi?id=707", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.sudo.ws/show_bug.cgi?id=707" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5602.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5602.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90286", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9019", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90193", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9024", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90252", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90248", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90262", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90261", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90258", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9027", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5602" }, { "reference_url": "https://www.exploit-db.com/exploits/37710/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/37710/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3440", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3440" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securitytracker.com/id/1034392", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034392" }, { "reference_url": "http://www.sudo.ws/stable.html#1.8.15", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.sudo.ws/stable.html#1.8.15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277426", "reference_id": "1277426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277426" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149", "reference_id": "804149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5602", "reference_id": "CVE-2015-5602", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5602" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/37710.txt", "reference_id": "CVE-2015-5602;OSVDB-125548", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/37710.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201606-13", "reference_id": "GLSA-201606-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-5602" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9a7y-2e2u-ebbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82263?format=api", "vulnerability_id": "VCID-9fh6-mr57-wba8", "summary": "sudo: Improper handling of ipa_hostname leads to privilege mismanagement", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-7090.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-7090.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-7090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24252", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24105", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24151", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24169", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24127", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24083", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24053", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23928", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23915", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23874", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2376", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23843", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-7090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7090" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723", "reference_id": "2255723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2023-7090" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fh6-mr57-wba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48142?format=api", "vulnerability_id": "VCID-9y5c-e765-tqgt", "summary": "A vulnerability in sudo allows local users to gain root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000368.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000368.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.34928", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35322", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35088", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35067", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.34978", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.34856", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37656", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37628", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37675", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37657", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37526", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37733", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37663", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37708", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459152", "reference_id": "1459152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459152" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863897", "reference_id": "863897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863897" }, { "reference_url": "https://security.gentoo.org/glsa/201710-04", "reference_id": "GLSA-201710-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1574", "reference_id": "RHSA-2017:1574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1574" }, { "reference_url": "https://usn.ubuntu.com/3968-1/", "reference_id": "USN-3968-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3968-1/" }, { "reference_url": "https://usn.ubuntu.com/3968-2/", "reference_id": "USN-3968-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3968-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037908?format=api", "purl": "pkg:deb/debian/sudo@1.8.27-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.27-1%252Bdeb10u3" } ], "aliases": [ "CVE-2017-1000368" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5c-e765-tqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56450?format=api", "vulnerability_id": "VCID-enw3-mnnx-myd5", "summary": "A vulnerability has been discovered in sudo which could result in root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97709", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97742", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.9774", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97728", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97723", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.48016", "scoring_system": "epss", "scoring_elements": "0.97713", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.48605", "scoring_system": "epss", "scoring_elements": "0.9776", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.48605", "scoring_system": "epss", "scoring_elements": "0.97761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.48605", "scoring_system": "epss", "scoring_elements": "0.97767", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.5353", "scoring_system": "epss", "scoring_elements": "0.97974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.54539", "scoring_system": "epss", "scoring_elements": "0.98017", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/01/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/01/19/1" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Aug/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Aug/21" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161142", "reference_id": "2161142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161142" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/", "reference_id": "2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/" }, { "reference_url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html", "reference_id": "Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/51217.sh", "reference_id": "CVE-2023-22809", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/51217.sh" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5321", "reference_id": "dsa-5321", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5321" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/", "reference_id": "G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/" }, { "reference_url": "https://security.gentoo.org/glsa/202305-12", "reference_id": "GLSA-202305-12", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://security.gentoo.org/glsa/202305-12" }, { "reference_url": "https://support.apple.com/kb/HT213758", "reference_id": "HT213758", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://support.apple.com/kb/HT213758" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html", "reference_id": "msg00012.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230127-0015/", "reference_id": "ntap-20230127-0015", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230127-0015/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0280", "reference_id": "RHSA-2023:0280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0281", "reference_id": "RHSA-2023:0281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0282", "reference_id": "RHSA-2023:0282", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0282" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0283", "reference_id": "RHSA-2023:0283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0284", "reference_id": "RHSA-2023:0284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0287", "reference_id": "RHSA-2023:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0291", "reference_id": "RHSA-2023:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0292", "reference_id": "RHSA-2023:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0293", "reference_id": "RHSA-2023:0293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0859", "reference_id": "RHSA-2023:0859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3262", "reference_id": "RHSA-2023:3262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3264", "reference_id": "RHSA-2023:3264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3276", "reference_id": "RHSA-2023:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3276" }, { "reference_url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html", "reference_id": "sudo-1.9.12p1-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html" }, { "reference_url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf", "reference_id": "sudo-CVE-2023-22809.pdf", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf" }, { "reference_url": "https://www.sudo.ws/security/advisories/sudoedit_any/", "reference_id": "sudoedit_any", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "https://www.sudo.ws/security/advisories/sudoedit_any/" }, { "reference_url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html", "reference_id": "Sudoedit-Extra-Arguments-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:43:57Z/" } ], "url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html" }, { "reference_url": "https://usn.ubuntu.com/5811-1/", "reference_id": "USN-5811-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5811-1/" }, { "reference_url": "https://usn.ubuntu.com/5811-2/", "reference_id": "USN-5811-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5811-2/" }, { "reference_url": "https://usn.ubuntu.com/5811-3/", "reference_id": "USN-5811-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5811-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2023-22809" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enw3-mnnx-myd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81718?format=api", "vulnerability_id": "VCID-esf1-4zw7-5fcy", "summary": "sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.8621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86224", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86243", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86254", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86266", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86262", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86282", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86275", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86294", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86304", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86323", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02868", "scoring_system": "epss", "scoring_elements": "0.86345", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786704", "reference_id": "1786704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786704" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225", "reference_id": "947225", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1804", "reference_id": "RHSA-2020:1804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-19232" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esf1-4zw7-5fcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49311?format=api", "vulnerability_id": "VCID-ethj-8jmj-5fdh", "summary": "Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28486.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28486.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.333", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33381", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33339", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33316", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33356", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33332", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33297", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33145", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33129", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33049", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.32932", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33001", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33462", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28486" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28486" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179272", "reference_id": "2179272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179272" }, { "reference_url": "https://security.gentoo.org/glsa/202309-12", "reference_id": "GLSA-202309-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0811", "reference_id": "RHSA-2024:0811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://usn.ubuntu.com/6005-1/", "reference_id": "USN-6005-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6005-1/" }, { "reference_url": "https://usn.ubuntu.com/6005-2/", "reference_id": "USN-6005-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6005-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026140?format=api", "purl": "pkg:deb/debian/sudo@1.9.13p3-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.13p3-1%252Bdeb12u3" } ], "aliases": [ "CVE-2023-28486" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ethj-8jmj-5fdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51623?format=api", "vulnerability_id": "VCID-j63t-xqk3-p3dk", "summary": "A vulnerability in sudo could allow a local attacker to read\n arbitrary files or bypass security restrictions.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/10/15/24", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2014/10/15/24" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1409.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1409.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9680.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9680.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61304", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.6136", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61354", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61287", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61284", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61331", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61367", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61352", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61333", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61376", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61356", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61345", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1033158", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1033158" }, { "reference_url": "http://www.sudo.ws/alerts/tz.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.sudo.ws/alerts/tz.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191144", "reference_id": "1191144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772707", "reference_id": "772707", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772707" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9680", "reference_id": "CVE-2014-9680", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9680" }, { "reference_url": "https://security.gentoo.org/glsa/201504-02", "reference_id": "GLSA-201504-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1409", "reference_id": "RHSA-2015:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1409" }, { "reference_url": "https://usn.ubuntu.com/2533-1/", "reference_id": "USN-2533-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2533-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" } ], "aliases": [ "CVE-2014-9680" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j63t-xqk3-p3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31216?format=api", "vulnerability_id": "VCID-k42r-mk4h-mbbg", "summary": "Multiple vulnerabilities have been found in sudo, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26482", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26681", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26624", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26545", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26412", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36008", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3597", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35945", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35985", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35971", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35875", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36095", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35979", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36066", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915052", "reference_id": "1915052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915052" }, { "reference_url": "https://security.archlinux.org/ASA-202101-25", "reference_id": "ASA-202101-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-25" }, { "reference_url": "https://security.archlinux.org/AVG-1431", "reference_id": "AVG-1431", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1431" }, { "reference_url": "https://security.gentoo.org/glsa/202101-33", "reference_id": "GLSA-202101-33", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1723", "reference_id": "RHSA-2021:1723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1723" }, { "reference_url": "https://usn.ubuntu.com/4705-1/", "reference_id": "USN-4705-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4705-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2021-23239" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k42r-mk4h-mbbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84817?format=api", "vulnerability_id": "VCID-kzje-6t7q-rudw", "summary": "sudo: noexec bypass via system() and popen()", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7032.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14645", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14537", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14582", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14525", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14401", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14696", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14665", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14724", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14591", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14488", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14553", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14584", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.sudo.ws/alerts/noexec_bypass.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sudo.ws/alerts/noexec_bypass.html" }, { "reference_url": "http://www.securityfocus.com/bid/95776", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830", "reference_id": "1372830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.14:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.14:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.14:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:todd_miller:sudo:1.8.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.8.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7032", "reference_id": "CVE-2016-7032", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2872", "reference_id": "RHSA-2016:2872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2872" }, { "reference_url": "https://usn.ubuntu.com/3968-3/", "reference_id": "USN-3968-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3968-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" } ], "aliases": [ "CVE-2016-7032" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzje-6t7q-rudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36653?format=api", "vulnerability_id": "VCID-ngg5-bqw7-bbc4", "summary": "Multiple vulnerabilities have been discovered in sudo, the worst of which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32462.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95739", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95727", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95723", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95761", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95759", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95754", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.21724", "scoring_system": "epss", "scoring_elements": "0.95742", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.30014", "scoring_system": "epss", "scoring_elements": "0.96669", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.30014", "scoring_system": "epss", "scoring_elements": "0.96679", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.30014", "scoring_system": "epss", "scoring_elements": "0.96682", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.33452", "scoring_system": "epss", "scoring_elements": "0.96945", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/06/30/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/06/30/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692", "reference_id": "2374692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692" }, { "reference_url": "https://www.sudo.ws/security/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.sudo.ws/security/advisories/" }, { "reference_url": "https://www.sudo.ws/releases/changelog/", "reference_id": "changelog", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.sudo.ws/releases/changelog/" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2025-32462", "reference_id": "cve-2025-32462", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2025-32462" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/52354.txt", "reference_id": "CVE-2025-32462", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/52354.txt" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2025-32462", "reference_id": "CVE-2025-32462", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2025-32462" }, { "reference_url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html", "reference_id": "CVE-2025-32462.html", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html" }, { "reference_url": "https://www.suse.com/security/cve/CVE-2025-32462.html", "reference_id": "CVE-2025-32462.html", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.suse.com/security/cve/CVE-2025-32462.html" }, { "reference_url": "https://security.gentoo.org/glsa/202507-01", "reference_id": "GLSA-202507-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-01" }, { "reference_url": "https://www.sudo.ws/security/advisories/host_any/", "reference_id": "host_any", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.sudo.ws/security/advisories/host_any/" }, { "reference_url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html", "reference_id": "msg00118.html", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10110", "reference_id": "RHSA-2025:10110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10383", "reference_id": "RHSA-2025:10383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10518", "reference_id": "RHSA-2025:10518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10520", "reference_id": "RHSA-2025:10520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10707", "reference_id": "RHSA-2025:10707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10767", "reference_id": "RHSA-2025:10767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10771", "reference_id": "RHSA-2025:10771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10779", "reference_id": "RHSA-2025:10779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10781", "reference_id": "RHSA-2025:10781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10835", "reference_id": "RHSA-2025:10835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10836", "reference_id": "RHSA-2025:10836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10871", "reference_id": "RHSA-2025:10871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11537", "reference_id": "RHSA-2025:11537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12323", "reference_id": "RHSA-2025:12323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12370", "reference_id": "RHSA-2025:12370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12437", "reference_id": "RHSA-2025:12437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13289", "reference_id": "RHSA-2025:13289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15672", "reference_id": "RHSA-2025:15672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9978", "reference_id": "RHSA-2025:9978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9978" }, { "reference_url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462", "reference_id": "show_bug.cgi?id=CVE-2025-32462", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462" }, { "reference_url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/", "reference_id": "sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/" }, { "reference_url": "https://ubuntu.com/security/notices/USN-7604-1", "reference_id": "USN-7604-1", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://ubuntu.com/security/notices/USN-7604-1" }, { "reference_url": "https://usn.ubuntu.com/7604-1/", "reference_id": "USN-7604-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7604-1/" }, { "reference_url": "https://usn.ubuntu.com/7604-2/", "reference_id": "USN-7604-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7604-2/" }, { "reference_url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host", "reference_id": "vulnerability-alert-CVE-2025-32462-sudo-host", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T13:25:34Z/" } ], "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026140?format=api", "purl": "pkg:deb/debian/sudo@1.9.13p3-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.13p3-1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-32462" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngg5-bqw7-bbc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34977?format=api", "vulnerability_id": "VCID-p5yv-48ry-dfe7", "summary": "Multiple vulnerabilities have been found in sudo, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18634.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18634.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99467", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99462", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99463", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99465", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99466", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99455", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99456", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87468", "scoring_system": "epss", "scoring_elements": "0.99458", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87602", "scoring_system": "epss", "scoring_elements": "0.99468", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.88561", "scoring_system": "epss", "scoring_elements": "0.995", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88561", "scoring_system": "epss", "scoring_elements": "0.99498", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796944", "reference_id": "1796944", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796944" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950371", "reference_id": "950371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950371" }, { "reference_url": "https://security.archlinux.org/ASA-202002-2", "reference_id": "ASA-202002-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-2" }, { "reference_url": "https://security.archlinux.org/AVG-1093", "reference_id": "AVG-1093", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1093" }, { "reference_url": "https://github.com/Plazmaz/CVE-2019-18634/blob/b348e738a83fd4180b3ec26ed216535547f3bb8a/self-contained.sh", "reference_id": "CVE-2019-18634", "reference_type": "exploit", "scores": [], "url": "https://github.com/Plazmaz/CVE-2019-18634/blob/b348e738a83fd4180b3ec26ed216535547f3bb8a/self-contained.sh" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/47995.txt", "reference_id": "CVE-2019-18634", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/47995.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48052.sh", "reference_id": "CVE-2019-18634", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48052.sh" }, { "reference_url": "https://security.gentoo.org/glsa/202003-12", "reference_id": "GLSA-202003-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0487", "reference_id": "RHSA-2020:0487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0509", "reference_id": "RHSA-2020:0509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0509" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0540", "reference_id": "RHSA-2020:0540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0726", "reference_id": "RHSA-2020:0726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0726" }, { "reference_url": "https://usn.ubuntu.com/4263-1/", "reference_id": "USN-4263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4263-1/" }, { "reference_url": "https://usn.ubuntu.com/4263-2/", "reference_id": "USN-4263-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4263-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-18634" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5yv-48ry-dfe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34976?format=api", "vulnerability_id": "VCID-pj45-2vrx-6fcv", "summary": "Multiple vulnerabilities have been found in sudo, the worst of\n which could result in privilege escalation.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "reference_url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:3248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99377", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99389", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99386", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99387", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99388", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99378", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99381", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99382", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.85814", "scoring_system": "epss", "scoring_elements": "0.99384", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "reference_url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "reference_url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4543" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2019/10/15/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "reference_url": "https://www.sudo.ws/alerts/minus_1_uid.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/10/14/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/10/24/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/10/29/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/09/14/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531", "reference_id": "1760531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942322", "reference_id": "942322", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942322" }, { "reference_url": "https://security.archlinux.org/ASA-201910-9", "reference_id": "ASA-201910-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-9" }, { "reference_url": "https://security.archlinux.org/AVG-1047", "reference_id": "AVG-1047", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1047" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47502.py", "reference_id": "CVE-2019-14287", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47502.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "reference_id": "CVE-2019-14287", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "reference_url": "https://security.gentoo.org/glsa/202003-12", "reference_id": "GLSA-202003-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3197", "reference_id": "RHSA-2019:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3204", "reference_id": "RHSA-2019:3204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3205", "reference_id": "RHSA-2019:3205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3209", "reference_id": "RHSA-2019:3209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3219", "reference_id": "RHSA-2019:3219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3278", "reference_id": "RHSA-2019:3278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3694", "reference_id": "RHSA-2019:3694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3754", "reference_id": "RHSA-2019:3754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3755", "reference_id": "RHSA-2019:3755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3895", "reference_id": "RHSA-2019:3895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3916", "reference_id": "RHSA-2019:3916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3941", "reference_id": "RHSA-2019:3941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4191", "reference_id": "RHSA-2019:4191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0388", "reference_id": "RHSA-2020:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "reference_url": "https://usn.ubuntu.com/4154-1/", "reference_id": "USN-4154-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4154-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037908?format=api", "purl": "pkg:deb/debian/sudo@1.8.27-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.27-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-14287" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj45-2vrx-6fcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81719?format=api", "vulnerability_id": "VCID-pyfy-88dw-9ba8", "summary": "sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer account", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88492", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88517", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.8852", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88555", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88548", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88557", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88573", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88578", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88577", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.8859", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04075", "scoring_system": "epss", "scoring_elements": "0.88605", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786708", "reference_id": "1786708", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786708" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225", "reference_id": "947225", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1804", "reference_id": "RHSA-2020:1804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026139?format=api", "purl": "pkg:deb/debian/sudo@1.9.5p2-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-e9ra-cfnz-m3hg" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-m9xh-9ac2-eycq" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-pwmy-f5qe-s3d1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.9.5p2-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-19234" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pyfy-88dw-9ba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36531?format=api", "vulnerability_id": "VCID-zd6m-f7x1-kkaa", "summary": "A vulnerability in sudo allows local users to gain root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000367.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000367.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95348", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95383", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95397", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.954", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95401", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95403", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95358", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95364", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95376", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19918", "scoring_system": "epss", "scoring_elements": "0.95495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.19918", "scoring_system": "epss", "scoring_elements": "0.95479", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.19918", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1453074", "reference_id": "1453074", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1453074" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863731", "reference_id": "863731", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863731" }, { "reference_url": "https://security.archlinux.org/ASA-201705-25", "reference_id": "ASA-201705-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-25" }, { "reference_url": "https://security.archlinux.org/AVG-282", "reference_id": "AVG-282", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-282" }, { "reference_url": "http://seclists.org/oss-sec/2017/q2/470", "reference_id": "CVE-2017-1000367", "reference_type": "exploit", "scores": [], "url": "http://seclists.org/oss-sec/2017/q2/470" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42183.c", "reference_id": "CVE-2017-1000367", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42183.c" }, { "reference_url": "https://security.gentoo.org/glsa/201705-15", "reference_id": "GLSA-201705-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1381", "reference_id": "RHSA-2017:1381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1382", "reference_id": "RHSA-2017:1382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1382" }, { "reference_url": "https://usn.ubuntu.com/3304-1/", "reference_id": "USN-3304-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3304-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037908?format=api", "purl": "pkg:deb/debian/sudo@1.8.27-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.27-1%252Bdeb10u3" } ], "aliases": [ "CVE-2017-1000367" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd6m-f7x1-kkaa" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59345?format=api", "vulnerability_id": "VCID-9a7y-2e2u-ebbf", "summary": "sudo is vulnerable to an escalation of privileges via a symlink\n attack.", "references": [ { "reference_url": "http://bugzilla.sudo.ws/show_bug.cgi?id=707", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.sudo.ws/show_bug.cgi?id=707" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5602.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5602.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90286", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9019", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90193", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9024", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90252", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90248", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90262", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90261", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.90258", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05506", "scoring_system": "epss", "scoring_elements": "0.9027", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5602" }, { "reference_url": "https://www.exploit-db.com/exploits/37710/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/37710/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3440", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3440" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securitytracker.com/id/1034392", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034392" }, { "reference_url": "http://www.sudo.ws/stable.html#1.8.15", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.sudo.ws/stable.html#1.8.15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277426", "reference_id": "1277426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277426" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149", "reference_id": "804149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5602", "reference_id": "CVE-2015-5602", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5602" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/37710.txt", "reference_id": "CVE-2015-5602;OSVDB-125548", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/37710.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201606-13", "reference_id": "GLSA-201606-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572138?format=api", "purl": "pkg:deb/debian/sudo@1.8.5p2-1%2Bnmu3%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-71wy-ujxu-bbfj" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-8r7f-bt93-qqcq" }, { "vulnerability": "VCID-9a7y-2e2u-ebbf" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-j63t-xqk3-p3dk" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-kzje-6t7q-rudw" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.5p2-1%252Bnmu3%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036716?format=api", "purl": "pkg:deb/debian/sudo@1.8.10p3-1%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-71wy-ujxu-bbfj" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-8r7f-bt93-qqcq" }, { "vulnerability": "VCID-9a7y-2e2u-ebbf" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-j63t-xqk3-p3dk" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-kzje-6t7q-rudw" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.10p3-1%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036993?format=api", "purl": "pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.19p1-2.1%252Bdeb9u2" } ], "aliases": [ "CVE-2015-5602" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9a7y-2e2u-ebbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36531?format=api", "vulnerability_id": "VCID-zd6m-f7x1-kkaa", "summary": "A vulnerability in sudo allows local users to gain root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000367.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000367.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95348", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95383", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95397", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.954", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95401", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95403", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95358", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95364", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95376", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19435", "scoring_system": "epss", "scoring_elements": "0.95378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19918", "scoring_system": "epss", "scoring_elements": "0.95495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.19918", "scoring_system": "epss", "scoring_elements": "0.95479", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.19918", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1453074", "reference_id": "1453074", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1453074" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863731", "reference_id": "863731", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863731" }, { "reference_url": "https://security.archlinux.org/ASA-201705-25", "reference_id": "ASA-201705-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-25" }, { "reference_url": "https://security.archlinux.org/AVG-282", "reference_id": "AVG-282", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-282" }, { "reference_url": "http://seclists.org/oss-sec/2017/q2/470", "reference_id": "CVE-2017-1000367", "reference_type": "exploit", "scores": [], "url": "http://seclists.org/oss-sec/2017/q2/470" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42183.c", "reference_id": "CVE-2017-1000367", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/42183.c" }, { "reference_url": "https://security.gentoo.org/glsa/201705-15", "reference_id": "GLSA-201705-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1381", "reference_id": "RHSA-2017:1381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1382", "reference_id": "RHSA-2017:1382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1382" }, { "reference_url": "https://usn.ubuntu.com/3304-1/", "reference_id": "USN-3304-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3304-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036716?format=api", "purl": "pkg:deb/debian/sudo@1.8.10p3-1%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-71wy-ujxu-bbfj" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-8r7f-bt93-qqcq" }, { "vulnerability": "VCID-9a7y-2e2u-ebbf" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-9y5c-e765-tqgt" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-j63t-xqk3-p3dk" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-kzje-6t7q-rudw" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" }, { "vulnerability": "VCID-zd6m-f7x1-kkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.10p3-1%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037908?format=api", "purl": "pkg:deb/debian/sudo@1.8.27-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cuy-x9m9-p3c4" }, { "vulnerability": "VCID-3hfe-p6e3-tbe9" }, { "vulnerability": "VCID-7w9w-4whw-9bgk" }, { "vulnerability": "VCID-9fh6-mr57-wba8" }, { "vulnerability": "VCID-enw3-mnnx-myd5" }, { "vulnerability": "VCID-esf1-4zw7-5fcy" }, { "vulnerability": "VCID-ethj-8jmj-5fdh" }, { "vulnerability": "VCID-k42r-mk4h-mbbg" }, { "vulnerability": "VCID-ngg5-bqw7-bbc4" }, { "vulnerability": "VCID-p5yv-48ry-dfe7" }, { "vulnerability": "VCID-pj45-2vrx-6fcv" }, { "vulnerability": "VCID-pyfy-88dw-9ba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.27-1%252Bdeb10u3" } ], "aliases": [ "CVE-2017-1000367" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd6m-f7x1-kkaa" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/sudo@1.8.10p3-1%252Bdeb8u5" }