CVE-2011-4349 — Vulnetix

CVE-2011-4349 PUBLISHED CVSS 4.599999904632568 MEDIUM

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

EPSS 0.11% · 28.8th percentile

Risk Scores

CVSS 2.0

4.599999904632568

EPSS Score

0.11%

28.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
freedesktop	colord	0.1.3, 0, 0.1.0

Exploit Intelligence

50814 (circl)
USN-1289-1 (circl)
46940 (circl)
[oss-security] 20111125 Re: CVE Request: colord sql injections (circl)
https://bugzilla.redhat.com/show_bug.cgi?id=757171 (circl)
47160 (circl)
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b (circl)
FEDORA-2011-16451 (circl)
https://bugs.freedesktop.org/show_bug.cgi?id=42904 (circl)
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e (circl)

…and 2 more exploits

Timeline

Dec 10, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 17, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

50814 vdb
USN-1289-1 vendor-advisory
46940 third-party-advisory
http://www.openwall.com/lists/oss-security/2011/11/25/3 technical
[oss-security] 20111125 Re: CVE Request: colord sql injections mailing-list
https://bugzilla.redhat.com/show_bug.cgi?id=757171 url
47160 third-party-advisory
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b url
FEDORA-2011-16451 vendor-advisory
https://bugs.freedesktop.org/show_bug.cgi?id=42904 url
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e url
FEDORA-2011-16453 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2011-4349 advisory

Open in Interactive Console →