Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2200

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-22 Jun, 2011 | 22:00
Updated At-06 Aug, 2024 | 22:53
Rejected At-
Credits

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:22 Jun, 2011 | 22:00
Updated At:06 Aug, 2024 | 22:53
Rejected At:
â–¼CVE Numbering Authority (CNA)

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://openwall.com/lists/oss-security/2011/06/13/12
mailing-list
x_refsource_MLIST
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
x_refsource_CONFIRM
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
x_refsource_CONFIRM
http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2011-1132.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
vdb-entry
x_refsource_XF
https://bugs.freedesktop.org/show_bug.cgi?id=38120
x_refsource_CONFIRM
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
x_refsource_CONFIRM
http://secunia.com/advisories/44896
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=712676
x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2011/06/12/1
mailing-list
x_refsource_MLIST
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2011/06/12/2
mailing-list
x_refsource_MLIST
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
x_refsource_CONFIRM
http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
mailing-list
x_refsource_MLIST
Hyperlink: http://openwall.com/lists/oss-security/2011/06/13/12
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
Resource:
x_refsource_CONFIRM
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1132.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=38120
Resource:
x_refsource_CONFIRM
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/44896
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=712676
Resource:
x_refsource_CONFIRM
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
Resource:
x_refsource_CONFIRM
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://openwall.com/lists/oss-security/2011/06/13/12
mailing-list
x_refsource_MLIST
x_transferred
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
x_refsource_CONFIRM
x_transferred
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
x_refsource_CONFIRM
x_transferred
http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1132.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
vdb-entry
x_refsource_XF
x_transferred
https://bugs.freedesktop.org/show_bug.cgi?id=38120
x_refsource_CONFIRM
x_transferred
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/44896
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=712676
x_refsource_CONFIRM
x_transferred
http://openwall.com/lists/oss-security/2011/06/12/1
mailing-list
x_refsource_MLIST
x_transferred
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
x_refsource_CONFIRM
x_transferred
http://openwall.com/lists/oss-security/2011/06/12/2
mailing-list
x_refsource_MLIST
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
x_refsource_CONFIRM
x_transferred
http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2011/06/13/12
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1132.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=38120
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/44896
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=712676
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:22 Jun, 2011 | 22:55
Updated At:29 Apr, 2026 | 01:13

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

freedesktop.org
freedesktop
>>dbus>>1.5.0
cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.5.2
cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.4.0
cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.4.1
cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.4.4
cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.4.6
cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.4.8
cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.4.10
cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*
d-bus_project
d-bus_project
>>d-bus>>1.2.4.2
cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:permissive
d-bus_project
d-bus_project
>>d-bus>>1.2.4.4
cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:permissive
d-bus_project
d-bus_project
>>d-bus>>1.2.4.6
cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:permissive
freedesktop.org
freedesktop
>>dbus>>1.2.1
cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.2
cpe:2.3:a:freedesktop:dbus:1.2.2:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.3
cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.4
cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.6
cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.8
cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.10
cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.12
cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.14
cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.16
cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.18
cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.20
cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.22
cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.24
cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.26
cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938secalert@redhat.com
N/A
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336esecalert@redhat.com
Patch
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7secalert@redhat.com
Patch
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2secalert@redhat.com
Patch
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4secalert@redhat.com
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705secalert@redhat.com
N/A
http://lists.freedesktop.org/archives/dbus/2007-March/007357.htmlsecalert@redhat.com
N/A
http://lists.freedesktop.org/archives/dbus/2011-May/014408.htmlsecalert@redhat.com
N/A
http://openwall.com/lists/oss-security/2011/06/12/1secalert@redhat.com
Patch
http://openwall.com/lists/oss-security/2011/06/12/2secalert@redhat.com
N/A
http://openwall.com/lists/oss-security/2011/06/13/12secalert@redhat.com
Patch
http://secunia.com/advisories/44896secalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1132.htmlsecalert@redhat.com
N/A
https://bugs.freedesktop.org/show_bug.cgi?id=38120secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=712676secalert@redhat.com
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67974secalert@redhat.com
N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938af854a3a-2127-422b-91ae-364da2661108
N/A
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336eaf854a3a-2127-422b-91ae-364da2661108
Patch
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7af854a3a-2127-422b-91ae-364da2661108
Patch
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2af854a3a-2127-422b-91ae-364da2661108
Patch
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4af854a3a-2127-422b-91ae-364da2661108
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.freedesktop.org/archives/dbus/2007-March/007357.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.freedesktop.org/archives/dbus/2011-May/014408.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://openwall.com/lists/oss-security/2011/06/12/1af854a3a-2127-422b-91ae-364da2661108
Patch
http://openwall.com/lists/oss-security/2011/06/12/2af854a3a-2127-422b-91ae-364da2661108
N/A
http://openwall.com/lists/oss-security/2011/06/13/12af854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/44896af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1132.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.freedesktop.org/show_bug.cgi?id=38120af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=712676af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67974af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/1
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/06/13/12
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://secunia.com/advisories/44896
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1132.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=38120
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=712676
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/dbus/2011-May/014408.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2011/06/12/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/06/13/12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://secunia.com/advisories/44896
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1132.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=38120
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=712676
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/67974
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

252Records found

CVE-2008-4311
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.41% / 32.80%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

Action-Not Available
Vendor-n/afreedesktop.org
Product-dbusn/a
CVE-2018-17336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.62% / 45.45%
||
7 Day CHG~0.00%
Published-22 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

Action-Not Available
Vendor-n/afreedesktop.orgCanonical Ltd.
Product-udisksubuntu_linuxn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2017-15131
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.32% / 23.95%
||
7 Day CHG~0.00%
Published-09 Jan, 2018 | 21:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

Action-Not Available
Vendor-freedesktop.orgRed Hat, Inc.
Product-xdg-user-dirsenterprise_linuxRHEL shipped xdg-user-dirs and gnome-session
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2008-1658
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-4.6||MEDIUM
EPSS-0.68% / 47.78%
||
7 Day CHG~0.00%
Published-11 Apr, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.

Action-Not Available
Vendor-n/afreedesktop.org
Product-policykitn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2008-0595
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.41% / 32.68%
||
7 Day CHG~0.00%
Published-29 Feb, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)freedesktop.orgRed Hat, Inc.Fedora Project
Product-dbusfedoramandrake_linuxenterprise_linuxn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2011-4349
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.47% / 37.58%
||
7 Day CHG~0.00%
Published-10 Dec, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

Action-Not Available
Vendor-n/afreedesktop.org
Product-colordn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-4474
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.48% / 95.20%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

Action-Not Available
Vendor-n/afreedesktop.orgCanonical Ltd.
Product-ubuntu_linuxpopplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2168
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-1.9||LOW
EPSS-0.38% / 30.29%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

Action-Not Available
Vendor-n/afreedesktop.orgopenSUSE
Product-dbusopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0292
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-1.09% / 61.31%
||
7 Day CHG~0.00%
Published-04 Mar, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.

Action-Not Available
Vendor-n/afreedesktop.org
Product-dbus-glibn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42012
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.16%
||
7 Day CHG~0.00%
Published-09 Oct, 2022 | 00:00
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Action-Not Available
Vendor-n/aFedora Projectfreedesktop.org
Product-fedoradbusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-6239
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.58%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:28
Updated-20 Nov, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Poppler: pdfinfo: crash in broken documents when using -dests parameter

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.freedesktop.org
Product-enterprise_linuxpopplerRed Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-20
Improper Input Validation
CVE-2010-5110
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.98% / 85.62%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

Action-Not Available
Vendor-n/afreedesktop.org
Product-popplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20662
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.24% / 80.72%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 13:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

Action-Not Available
Vendor-n/aFedora Projectfreedesktop.orgDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktoppopplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20551
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.95% / 77.79%
||
7 Day CHG~0.00%
Published-28 Dec, 2018 | 04:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

Action-Not Available
Vendor-n/afreedesktop.orgCanonical Ltd.
Product-ubuntu_linuxpopplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20650
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.68% / 83.99%
||
7 Day CHG~0.00%
Published-01 Jan, 2019 | 16:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.freedesktop.org
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktoppopplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14617
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.94% / 56.72%
||
7 Day CHG~0.00%
Published-20 Sep, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

Action-Not Available
Vendor-n/afreedesktop.org
Product-popplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14520
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 64.78%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.

Action-Not Available
Vendor-n/afreedesktop.org
Product-popplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14518
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 64.77%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.

Action-Not Available
Vendor-n/afreedesktop.org
Product-popplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3533
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.42% / 33.59%
||
7 Day CHG~0.00%
Published-19 Jul, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

Action-Not Available
Vendor-mageia_projectn/afreedesktop.orgopenSUSEDebian GNU/Linux
Product-dbusdebian_linuxmageiaopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3532
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.45% / 35.74%
||
7 Day CHG~0.00%
Published-19 Jul, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Action-Not Available
Vendor-mageian/aopenSUSEOracle CorporationLinux Kernel Organization, Incfreedesktop.orgDebian GNU/Linux
Product-debian_linuxdbusmageiasolarislinux_kernelopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1189
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.6||LOW
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-27 Apr, 2009 | 17:43
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

Action-Not Available
Vendor-n/afreedesktop.org
Product-dbusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3834
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-4.62% / 90.57%
||
7 Day CHG~0.00%
Published-07 Oct, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

Action-Not Available
Vendor-n/afreedesktop.org
Product-dbusdbus1.0dbus1.1.0n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1000
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-2.90% / 85.25%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

Action-Not Available
Vendor-n/afreedesktop.org
Product-telepathy_gabblen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-16127
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-2.8||LOW
EPSS-0.41% / 32.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 04:10
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
accountsservice .pam_environment infinite loop

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

Action-Not Available
Vendor-freedesktop.org
Product-accountsserviceaccountsservice
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2014-1928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.60% / 44.60%
||
7 Day CHG~0.00%
Published-25 Oct, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Action-Not Available
Vendor-python-gnupg_projectn/a
Product-python-gnupgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.25%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 00:02
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).

Action-Not Available
Vendor-n/aDebian GNU/LinuxXen Project
Product-xendebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.46% / 36.36%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3409
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 32.79%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 13:33
Updated-06 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

Action-Not Available
Vendor-ecryptfsecryptfs-utilsDebian GNU/Linux
Product-ecryptfs-utilsdebian_linuxecryptfs-utils
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.54% / 41.35%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 15:23
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface.

Action-Not Available
Vendor-gigadevicen/a
Product-gd32f103_firmwaregd32f103n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18155
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.22%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_625sd_820_firmwaresd_835_firmwaremsm8996ausd_820sd_625_firmwaresd_450sd_820amsm8996au_firmwaresd_835sd_450_firmwaresd_820a_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 37.07%
||
7 Day CHG~0.00%
Published-05 Feb, 2021 | 19:02
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)

Action-Not Available
Vendor-maxpcsecuren/a
Product-max_spyware_detectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1656
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 30.66%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 16:00
Updated-21 Nov, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_nfv_infrastructure_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1726
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:40
Updated-21 Nov, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_3100vmds_9500mds_9000nexus_9200nexus_5600nx-osnexus_3200mds_9700ucs_6296upnexus_6000ucs_6248upnexus_5500nexus_3400nexus_3100nexus_9000mds_9100nexus_9500nexus_3548-xnexus_3100-znexus_7000nexus_3524-xlnexus_9300nexus_3548-xlnexus_3000nexus_3600mds_9200nexus_7700nexus_3524-xCisco NX-OS Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10028
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.8||HIGH
EPSS-0.40% / 31.59%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 22:26
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Syscalls In GPIO Subsystem Performs No Argument Validation

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0572
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 26.14%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:56
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_board_s2600stqrserver_board_s2600wf0rserver_board_s2600wf_firmwareserver_board_s2600stbrserver_board_s2600st_firmwareserver_board_s2600wfqrserver_board_s2600wftrIntel(R) Server Board S2600ST and S2600WF families
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33704
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.10% / 1.13%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33703
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.08% / 0.25%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15959
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.36% / 28.35%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:27
Updated-13 Nov, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa500sspa500dsspa512gspa525gspa525g2spa500_series_ip_phones_firmwarespa501gspa514gspa502gspa504gCisco SPA525G2 5-line IP Phone
CWE ID-CWE-20
Improper Input Validation
CVE-2022-31762
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.47%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 14:56
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30726
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 0.79%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:03
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30786
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.40% / 31.86%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-30788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

Action-Not Available
Vendor-tuxeran/aFedora ProjectDebian GNU/Linux
Product-debian_linuxntfs-3gfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28193
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.26% / 16.79%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27833
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 1.25%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830exynos_980exynos_2100Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28195
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.23% / 13.93%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-24382
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.47%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_11_pro_kit_nuc11tnhi30l_firmwarenuc11dbbi7_firmwarenuc_9_pro_compute_element_nuc9vxqnb_firmwarenuc_11_pro_kit_nuc11tnki7nuc11pa_firmwarenuc8i3cysnnuc_9_pro_kit_nuc9vxqnx_firmwarenuc_11_compute_element_cm11ebi58w_firmwarenuc_11_pro_board_nuc11tnbi50znuc_11_pro_kit_nuc11tnki30z_firmwarenuc_8_compute_element_cm8pcbnuc_8_compute_element_cm8pcb_firmwarelapkc71fnuc_11_pro_board_nuc11tnbi70z_firmwarenuc_11_pro_board_nuc11tnbi7nuc_11_compute_element_cm11ebc4w_firmwarenuc_11_pro_kit_nuc11tnki50znuc_11_pro_kit_nuc11tnki5nuc_kit_nuc8i5benuc8i3cysmlapbc710nuc_11_pro_kit_nuc11tnhi50znuc_8_compute_element_cm8i3cbnuc8i3cysn_firmwarenuc_kit_nuc8i5be_firmwarenuc11pahnuc_11_pro_board_nuc11tnbi30z_firmwarenuc_9_pro_kit_nuc9v7qnx_firmwarenuc_8_compute_element_cm8ccbnuc11dbbi9_firmwarenuc_11_pro_board_nuc11tnbi5nuc_9_pro_compute_element_nuc9v7qnblapbc710_firmwarelapkc51enuc_11_pro_kit_nuc11tnki3nuc_11_pro_kit_nuc11tnki70znuc_8_compute_element_cm8i7cblapkc71f_firmwarenuc_11_enthusiast_kit_nuc11phki7cnuc11panuc_11_pro_kit_nuc11tnhi70lnuc_11_pro_kit_nuc11tnhi50lnuc_8_compute_element_cm8i7cb_firmwarenuc9i9qnnuc_11_pro_board_nuc11tnbi70znuc_11_pro_kit_nuc11tnhi30znuc_11_pro_kit_nuc11tnhi50w_firmwarelapbc510_firmwarenuc_11_compute_element_cm11ebi716wnuc_11_pro_kit_nuc11tnki30znuc_kit_nuc8i3b_firmwarenuc11btmi9nuc11btmi7nuc9i7qnnuc9i7qn_firmwarenuc_8_compute_element_cm8i5cb_firmwarenuc_11_compute_element_cm11ebi38w_firmwarenuc_11_pro_kit_nuc11tnhi70l_firmwarenuc_11_pro_kit_nuc11tnhi70qnuc_11_pro_kit_nuc11tnhi70znuc9i5qn_firmwarenuc_kit_nuc8i7be_firmwarenuc_11_pro_kit_nuc11tnhi30lnuc8i3cysm_firmwarelapkc71e_firmwarenuc_11_pro_kit_nuc11tnhi30z_firmwarenuc_11_pro_board_nuc11tnbi5_firmwarenuc_11_pro_kit_nuc11tnki50z_firmwarenuc11paq_firmwarenuc_11_pro_board_nuc11tnbi3_firmwarenuc_11_pro_kit_nuc11tnhi5_firmwarenuc_11_pro_kit_nuc11tnhi7_firmwarenuc_kit_nuc8i3bnuc_11_pro_kit_nuc11tnhi50l_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caanuc11btmi9_firmwarenuc_9_pro_kit_nuc9vxqnxnuc_11_pro_board_nuc11tnbi30znuc_11_pro_kit_nuc11tnhi3nuc_11_enthusiast_kit_nuc11phki7c_firmwarenuc_11_pro_board_nuc11tnbi3nuc_11_pro_kit_nuc11tnhi7nuc_11_pro_board_nuc11tnbi7_firmwarenuc_11_pro_kit_nuc11tnki5_firmwarelapbc510nuc_11_pro_kit_nuc11tnki3_firmwarenuc_8_compute_element_cm8i5cbnuc_11_pro_kit_nuc11tnhi70q_firmwarenuc11pah_firmwarenuc_8_compute_element_cm8i3cb_firmwarelapkc51e_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc11paqnuc_9_pro_compute_element_nuc9v7qnb_firmwarenuc_11_pro_kit_nuc11tnki70z_firmwarenuc_9_pro_kit_nuc9v7qnxnuc_11_compute_element_cm11ebi58wnuc_11_pro_kit_nuc11tnhi5nuc_11_pro_kit_nuc11tnhi3_firmwarenuc_11_pro_board_nuc11tnbi50z_firmwarenuc_11_compute_element_cm11ebc4wnuc11dbbi9nuc11btmi7_firmwarenuc_11_pro_kit_nuc11tnhi50wnuc_kit_nuc8i7benuc_11_pro_kit_nuc11tnki7_firmwarenuc_11_pro_kit_nuc11tnhi30p_firmwarenuc_11_pro_kit_nuc11tnhi30pnuc_11_pro_kit_nuc11tnhi70z_firmwarenuc_8_compute_element_cm8ccb_firmwarenuc_11_enthusiast_mini_pc_nuc11phki7caa_firmwarenuc9i5qnnuc11dbbi7nuc9i9qn_firmwarenuc_11_pro_kit_nuc11tnhi50z_firmwarenuc_9_pro_compute_element_nuc9vxqnblapkc71enuc_11_compute_element_cm11ebi38wIntel(R) NUCs
CWE ID-CWE-20
Improper Input Validation
CVE-2019-4001
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.57% / 42.80%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 21:04
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.

Action-Not Available
Vendor-druvan/a
Product-insyncDruva inSync Client
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14905
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.74% / 49.97%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 16:20
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Action-Not Available
Vendor-Red Hat, Inc.openSUSEFedora Project
Product-ceph_storagecloudforms_management_engineopenstackfedorabackports_sleansible_engineansible_towerleapAnsible
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found