cbcvebase.
CVE-2014-6262
published 2020-02-12

Priority: P342 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 7.25% (93.6th percentile)

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | rrdtool | < rrdtool 1.5.4-1 (bookworm) | rrdtool 1.5.4-1 (bookworm) |
| zenoss | zenoss_core | < 4.2.5 | 4.2.5 |

CVSS provenance

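| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |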