Lucene search

[email protected]CVE-2014-4910

HistoryJul 24, 2014 - 2:55 p.m.

CVE-2014-4910

2014-07-2414:55:09

CWE-22

[email protected]

web.nvd.nist.gov

cve

2014

4910

directory traversal

x.org

xf86-video-intel

vulnerability

remote attack

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a … (dot dot) in the interface name.

Affected configurations

NVD

Node

xxf86-video-intelMatch2.99.911

CPENameOperatorVersion
x:xf86-video-intelx xf86-video-inteleq2.99.911

CPE	Name	Operator	Version
x:xf86-video-intel	x xf86-video-intel	eq	2.99.911

References

lists.x.org/archives/xorg-commit/2014-July/036840.html

osvdb.org/show/osvdb/108851

seclists.org/oss-sec/2014/q3/138

seclists.org/oss-sec/2014/q3/39

exchange.xforce.ibmcloud.com/vulnerabilities/94746

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2014-4910

debiancve1 prion1 cvelist1 nvd1 ubuntucve1