4.4
CVE-2014-1929
- EPSS 0.38%
- Veröffentlicht 25.10.2014 21:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginpython-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Python-gnupg Project ≫ Python-gnupg Version0.3.5
Python-gnupg Project ≫ Python-gnupg Version0.3.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.299 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/59031
http://www.debian.org/security/2014/dsa-2946
http://seclists.org/oss-sec/2014/q1/245
http://seclists.org/oss-sec/2014/q1/335