10
CVE-2007-6610
- EPSS 2.28%
- Veröffentlicht 03.01.2008 20:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.28% | 0.809 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448437
http://bugs.gentoo.org/show_bug.cgi?id=203106
http://osvdb.org/42759
http://secunia.com/advisories/28282
http://secunia.com/advisories/28388
http://security.gentoo.org/glsa/glsa-200801-01.xml
http://www.securityfocus.com/bid/27182