7.5
CVE-2014-1921
- EPSS 1.56%
- Veröffentlicht 14.02.2014 15:55:06
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginparcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parcimonie Project ≫ Parcimonie Version <= 0.7.1-1
Parcimonie Project ≫ Parcimonie Version0.6-1
Parcimonie Project ≫ Parcimonie Version0.6-3
Parcimonie Project ≫ Parcimonie Version0.7-1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.56% | 0.72 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
http://seclists.org/oss-sec/2014/q1/305
http://seclists.org/oss-sec/2014/q1/308
http://www.debian.org/security/2014/dsa-2860
http://www.securityfocus.com/bid/65505
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134
https://exchange.xforce.ibmcloud.com/vulnerabilities/91118
https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz