Shodan
Vulnerabilities
Vulnerable Software
Sane-Project:  >> Sane Backends  Security Vulnerabilities
CVE-2023-46052
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-03-27
CVE-2023-46047
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-03-27
CVE-2020-12862
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-24
CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-24
CVE-2020-12864
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-24
CVE-2020-12865
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
CVSS Score
8.0
EPSS Score
0.003
Published
2020-06-24
CVE-2020-12866
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
CVSS Score
5.7
EPSS Score
0.002
Published
2020-06-24
CVE-2020-12861
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-06-24
CVE-2020-12867
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved