CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17336 – udisks: Format string vulnerability in udisks_log in udiskslogging.c
https://notcve.org/view.php?id=CVE-2018-17336
22 Sep 2018 — UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. UDisks 2.8.0 tiene una vulnerabilidad de cadena de formato en udisks_log en udiskslogging.c, lo que permite a los atacantes obtener información sensible (contenido de la pila), causar una denegación ... • https://access.redhat.com/errata/RHSA-2019:2178 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2014-0004 – udisks2: stack-based buffer overflow when handling long path names
https://notcve.org/view.php?id=CVE-2014-0004
10 Mar 2014 — Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. Desbordamiento de buffer basado en pila en udisks anterior a 1.0.5 y 2.x anterior a 2.1.3 permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un punto de montaje largo. The udisks package provides a daemon, a D-Bus API, and command line utilities for ma... • http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1149
https://notcve.org/view.php?id=CVE-2010-1149
12 Apr 2010 — probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. probers/udisks-dm-export.c en udisks anteriores a v1.0.1 exporta información UDISKS_DM_TARGETS_PARAMS a udev incluso para UDISKS_DM_TARGETS_TYPE cifrados, lo que permite a usuarios locales descubrir las claves de cifrado m... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •