[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-4349

Date: (C)2011-12-10   (M)2015-12-16
 
CVSS Score: 4.6Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

Reference:
SECUNIA-46940
SECUNIA-47160
BID-50814
FEDORA-2011-16451
FEDORA-2011-16453
http://www.openwall.com/lists/oss-security/2011/11/25/3
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.redhat.com/show_bug.cgi?id=757171

CWE    1
CWE-89
OVAL    1
oval:org.secpod.oval:def:700714

© 2013 SecPod Technologies