apk package
wolfi/py3.12-pyudev
pkg:apk/wolfi/py3.12-pyudev
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-0640 | — | < 0.24.4-r0 | 0.24.4-r0 | Jan 25, 2011 | The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data se | ||
| CVE-2010-4176 | — | < 0.24.4-r0 | 0.24.4-r0 | Dec 7, 2010 | plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | ||
| CVE-2009-1186 | — | < 0.24.4-r0 | 0.24.4-r0 | Apr 17, 2009 | Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. | ||
| CVE-2009-1185 | — | < 0.24.4-r0 | 0.24.4-r0 | Apr 17, 2009 | udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. |
- CVE-2011-0640Jan 25, 2011affected < 0.24.4-r0fixed 0.24.4-r0
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data se
- CVE-2010-4176Dec 7, 2010affected < 0.24.4-r0fixed 0.24.4-r0
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
- CVE-2009-1186Apr 17, 2009affected < 0.24.4-r0fixed 0.24.4-r0
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
- CVE-2009-1185Apr 17, 2009affected < 0.24.4-r0fixed 0.24.4-r0
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.