Lucene search

[email protected]CVE-2014-9622

HistoryJan 21, 2015 - 6:59 p.m.

CVE-2014-9622

2015-01-2118:59:00

CWE-77

[email protected]

web.nvd.nist.gov

cve

2014-9622

eval injection

xdg-utils

vulnerability

security

nvd

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

CPENameOperatorVersion
gentoo:xdg-utilsgentoo xdg-utilseq1.1.0

CPE	Name	Operator	Version
gentoo:xdg-utils	gentoo xdg-utils	eq	1.1.0

References

seclists.org/fulldisclosure/2014/Nov/36

secunia.com/advisories/62155

www.debian.org/security/2015/dsa-3131

www.openwall.com/lists/oss-security/2015/01/17/10

www.securityfocus.com/bid/71284

bugs.freedesktop.org/show_bug.cgi?id=66670

bugs.gentoo.org/show_bug.cgi?id=472888

security.gentoo.org/glsa/201701-09

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2014-9622

securityvulns2 mageia1 osv2 nessus3 prion1 debiancve1 ubuntucve1 openvas5 gentoo1 debian3 rosalinux1