Required CVE Record Information
Description
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
References 12 Total
- securityfocus.com: 50814 vdb-entry
- ubuntu.com: USN-1289-1 vendor-advisory
- secunia.com: 46940 third-party-advisory
- openwall.com: [oss-security] 20111125 Re: CVE Request: colord sql injections mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=757171
- secunia.com: 47160 third-party-advisory
- http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
- lists.fedoraproject.org: FEDORA-2011-16451 vendor-advisory
- https://bugs.freedesktop.org/show_bug.cgi?id=42904
- http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
- lists.fedoraproject.org: FEDORA-2011-16453 vendor-advisory
- openwall.com: [oss-security] 20111125 Re: CVE Request: colord sql injections mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 12 Total
- securityfocus.com: 50814 vdb-entryx_transferred
- ubuntu.com: USN-1289-1 vendor-advisoryx_transferred
- secunia.com: 46940 third-party-advisoryx_transferred
- openwall.com: [oss-security] 20111125 Re: CVE Request: colord sql injections mailing-listx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=757171 x_transferred
- secunia.com: 47160 third-party-advisoryx_transferred
- http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b x_transferred
- lists.fedoraproject.org: FEDORA-2011-16451 vendor-advisoryx_transferred
- https://bugs.freedesktop.org/show_bug.cgi?id=42904 x_transferred
- http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e x_transferred
- lists.fedoraproject.org: FEDORA-2011-16453 vendor-advisoryx_transferred
- openwall.com: [oss-security] 20111125 Re: CVE Request: colord sql injections mailing-listx_transferred