Lucene search

[email protected]NVD:CVE-2013-0254

HistoryFeb 06, 2013 - 12:05 p.m.

CVE-2013-0254

2013-02-0612:05:43

CWE-264

[email protected]

web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

5.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

Affected configurations

NVD

Node

qtqtMatch1.41

qtqtMatch1.42

qtqtMatch1.43

qtqtMatch1.44

qtqtMatch1.45

Node

qtqtMatch2.0.0

qtqtMatch2.0.1

qtqtMatch2.0.2

Node

qtqtMatch3.3.0

qtqtMatch3.3.1

qtqtMatch3.3.2

qtqtMatch3.3.3

qtqtMatch3.3.4

qtqtMatch3.3.5

qtqtMatch3.3.6

Node

qtqtMatch4.0.0

qtqtMatch4.0.1

qtqtMatch4.1.0

qtqtMatch4.1.1

qtqtMatch4.1.2

qtqtMatch4.1.3

qtqtMatch4.1.4

qtqtMatch4.1.5

Node

qtqtMatch4.2.0

qtqtMatch4.2.1

qtqtMatch4.2.3

Node

qtqtMatch4.3.0

qtqtMatch4.3.1

qtqtMatch4.3.2

qtqtMatch4.3.3

qtqtMatch4.3.4

qtqtMatch4.3.5

Node

qtqtMatch4.4.0

qtqtMatch4.4.1

qtqtMatch4.4.2

qtqtMatch4.4.3

Node

qtqtMatch4.5.0

qtqtMatch4.5.1

qtqtMatch4.5.2

qtqtMatch4.5.3

Node

qtqtMatch4.6.0

qtqtMatch4.6.1

qtqtMatch4.6.2

qtqtMatch4.6.3

qtqtMatch4.6.4

qtqtMatch4.6.5

Node

qtqtMatch4.7.0

qtqtMatch4.7.1

qtqtMatch4.7.2

qtqtMatch4.7.3

qtqtMatch4.7.4

qtqtMatch4.7.5

qtqtMatch4.7.6

Node

qtqtMatch4.8.0

qtqtMatch4.8.1

qtqtMatch4.8.2

qtqtMatch4.8.3

qtqtMatch4.8.4

qtqtMatch4.8.5

Node

qtqtMatch5.0.0

qtqtMatch5.0.1

References

lists.opensuse.org/opensuse-updates/2013-03/msg00014.html

lists.opensuse.org/opensuse-updates/2013-03/msg00015.html

lists.opensuse.org/opensuse-updates/2013-03/msg00019.html

lists.qt-project.org/pipermail/announce/2013-February/000023.html

rhn.redhat.com/errata/RHSA-2013-0669.html

bugzilla.redhat.com/show_bug.cgi?id=907425

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

5.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2013-0254

redhat1 nessus13 openvas14 fedora2 ubuntucve1 oraclelinux1 centos1 veracode1 cve1 debiancve1 cvelist1 prion1 gentoo1 securityvulns2 ubuntu1 osv1 debian1