Augeas 0.9.0

CPE Details

Augeas 0.9.0
augeas
augeas
0.9.0
2013-11-25
15h50 +00:00
2013-11-25
17h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:augeas:augeas:0.9.0:*:*:*:*:*:*:*

Informations

Vendor

augeas

Product

augeas

Version

0.9.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-7555 2017-08-17 19h00 +00:00 Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
9.8
Critical
CVE-2012-0786 2013-11-23 17h00 +00:00 The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
3.3
CVE-2012-0787 2013-11-23 17h00 +00:00 The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
3.7
CVE-2012-6607 2013-11-23 17h00 +00:00 The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.
3.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.