7.2
CVE-2013-0292
- EPSS 0.23%
- Published 05.03.2013 21:38:56
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
Data is provided by the National Vulnerability Database (NVD)
Freedesktop ≫ Dbus-glib Version <= 0.100
Freedesktop ≫ Dbus-glib Version0.72
Freedesktop ≫ Dbus-glib Version0.73
Freedesktop ≫ Dbus-glib Version0.74
Freedesktop ≫ Dbus-glib Version0.76
Freedesktop ≫ Dbus-glib Version0.78
Freedesktop ≫ Dbus-glib Version0.80
Freedesktop ≫ Dbus-glib Version0.82
Freedesktop ≫ Dbus-glib Version0.84
Freedesktop ≫ Dbus-glib Version0.86
Freedesktop ≫ Dbus-glib Version0.88
Freedesktop ≫ Dbus-glib Version0.90
Freedesktop ≫ Dbus-glib Version0.92
Freedesktop ≫ Dbus-glib Version0.94
Freedesktop ≫ Dbus-glib Version0.96
Freedesktop ≫ Dbus-glib Version0.98
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.461 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.