Lucene search
GoogleOSV:CVE-2021-23556HistoryMar 17, 2022 - 12:15 p.m.
CVE-2021-23556
2022-03-1712:15:07
Google
osv.dev
3
guake package
vulnerable
exposed methods
d-bus interface
malicious user
arbitrary command
d-bus method
exploitation
malicious program
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.
Related
veracode
veracode
Arbitrary Command Execution
2022-03-18 03:43:25
ubuntucve
ubuntucve
CVE-2021-23556
2022-03-17 00:00:00
cvelist
cvelist
CVE-2021-23556 Exposed Dangerous Method or Function
2022-03-17 11:20:43
debiancve
debiancve
CVE-2021-23556
2022-03-17 12:15:07
prion
prion
Command injection
2022-03-17 12:15:00
nvd
nvd
CVE-2021-23556
2022-03-17 12:15:07
github
github
Command injection in guake
2022-03-18 00:01:11
osv
osv
Command injection in guake
2022-03-18 00:01:11
PYSEC-2022-165
2022-03-17 12:15:00
cve
cve
CVE-2021-23556
2022-03-17 12:15:07