Jhead
by Sentex
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-4641 | 0.00 | — | 0.02 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | ||
| CVE-2008-4640 | 0.00 | — | 0.00 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. | ||
| CVE-2008-4639 | 0.00 | — | 0.00 | Oct 21, 2008 | jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||
| CVE-2008-4575 | 0.00 | — | 0.01 | Oct 15, 2008 | Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." |
- CVE-2008-4641Oct 21, 2008risk 0.00cvss —epss 0.02
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
- CVE-2008-4640Oct 21, 2008risk 0.00cvss —epss 0.00
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
- CVE-2008-4639Oct 21, 2008risk 0.00cvss —epss 0.00
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
- CVE-2008-4575Oct 15, 2008risk 0.00cvss —epss 0.01
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."