CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Nongnu: >> Gksu Security Vulnerabilities

CVE-2014-2886

GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.

CVSS Score

6.8

EPSS Score

0.004

Published

2014-09-18

Page 1

Vulnerabilities

Vulnerable Software

Nongnu: >> Gksu Security Vulnerabilities

Products

Pricing

Contact Us