Augeas 1.1.0

CPE Details

Augeas 1.1.0
augeas
augeas
1.1.0
2014-01-23
16h47 +00:00
2014-01-27
13h14 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:augeas:augeas:1.1.0:*:*:*:*:*:*:*

Informations

Vendor

augeas

Product

augeas

Version

1.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-7555 2017-08-17 19h00 +00:00 Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
9.8
Critical
CVE-2013-6412 2014-01-22 23h00 +00:00 The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
4.6
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.