{"url":"http://public2.vulnerablecode.io/api/packages/127693?format=json","purl":"pkg:rpm/redhat/sudo@1.7.2p1-8?arch=el5_5","type":"rpm","namespace":"redhat","name":"sudo","version":"1.7.2p1-8","qualifiers":{"arch":"el5_5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56508?format=json","vulnerability_id":"VCID-fant-y91b-rubf","summary":"The secure path feature and group handling in sudo allow local attackers to\n    escalate privileges.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2956","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2317","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23396","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23436","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23327","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23287","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23264","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23074","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23036","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23111","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23075","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23091","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956"},{"reference_url":"http://secunia.com/advisories/40508","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40508"},{"reference_url":"http://secunia.com/advisories/41316","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41316"},{"reference_url":"http://secunia.com/advisories/42787","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42787"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201009-03.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-201009-03.xml"},{"reference_url":"http://wiki.rpath.com/Advisories:rPSA-2010-0075","reference_id":"","reference_type":"","scores":[],"url":"http://wiki.rpath.com/Advisories:rPSA-2010-0075"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:175","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0675.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0675.html"},{"reference_url":"http://www.securityfocus.com/archive/1/514489/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/514489/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/515545/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/515545/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/43019","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/43019"},{"reference_url":"http://www.securitytracker.com/id?1024392","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1024392"},{"reference_url":"http://www.sudo.ws/sudo/alerts/runas_group.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.sudo.ws/sudo/alerts/runas_group.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-983-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-983-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0001.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0001.html"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2312","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2312"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2318","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2318"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2320","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2320"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2358","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2358"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0025","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0025"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595935","reference_id":"595935","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595935"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=628628","reference_id":"628628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=628628"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2956","reference_id":"CVE-2010-2956","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2956"},{"reference_url":"https://security.gentoo.org/glsa/201009-03","reference_id":"GLSA-201009-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201009-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0675","reference_id":"RHSA-2010:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0675"},{"reference_url":"https://usn.ubuntu.com/983-1/","reference_id":"USN-983-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/983-1/"}],"fixed_packages":[],"aliases":["CVE-2010-2956"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fant-y91b-rubf"}],"fixing_vulnerabilities":[],"risk_score":"2.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/sudo@1.7.2p1-8%3Farch=el5_5"}