crates.io package
simple-wayland-hotkey-daemon
pkg:cargo/simple-wayland-hotkey-daemon
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27817 | — | <= 1.1.5 | — | Apr 14, 2022 | SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | ||
| CVE-2022-27814 | — | < 1.2.0 | 1.2.0 | Apr 14, 2022 | SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. | ||
| CVE-2022-27818 | — | < 1.2.0 | 1.2.0 | Apr 7, 2022 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | ||
| CVE-2022-27819 | — | < 1.2.0 | 1.2.0 | Apr 7, 2022 | SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). | ||
| CVE-2022-27816 | — | < 1.2.0 | 1.2.0 | Mar 30, 2022 | SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. | ||
| CVE-2022-27815 | — | < 1.2.0 | 1.2.0 | Mar 29, 2022 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. |
- CVE-2022-27817Apr 14, 2022affected <= 1.1.5
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.
- CVE-2022-27814Apr 14, 2022affected < 1.2.0fixed 1.2.0
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.
- CVE-2022-27818Apr 7, 2022affected < 1.2.0fixed 1.2.0
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
- CVE-2022-27819Apr 7, 2022affected < 1.2.0fixed 1.2.0
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
- CVE-2022-27816Mar 30, 2022affected < 1.2.0fixed 1.2.0
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.
- CVE-2022-27815Mar 29, 2022affected < 1.2.0fixed 1.2.0
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.