cvebase

Tim Hockin Acpid vulnerabilities

6 known vulnerabilities affecting tim_hockin/acpid.

Total CVEs: 6
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: MEDIUM 5, LOW 1

Vulnerabilities

CVE-2011-2777 | P4 | MEDIUM | CVSS 4.4 | PoC | ≥ 0, < 1:2.0.14-1 | 2012-08-29
CVE-2011-2777 [MEDIUM]: samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
Source: osv

CVE-2011-1159 | P4 | LOW | CVSS 2.1 | PoC | ≥ 0, < 1:2.0.9-1 | 2011-10-05
CVE-2011-1159 [LOW]: acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
Source: osv

CVE-2009-0798 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.0.8 | v0.99.0 (+9 more) | 2009-04-24
CVE-2009-0798 [MEDIUM] CWE-399: ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
Sources: nvd, osv

CVE-2009-4033 | P4 | MEDIUM | CVSS 6.9 | v1.0.4 | 2009-12-08
CVE-2009-4033 [MEDIUM] CWE-264: A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.
Source: nvd

CVE-2011-4578 | P4 | MEDIUM | CVSS 4.6 | ≥ 0, < 1:2.0.11-1 | 2012-08-29
CVE-2011-4578 [MEDIUM]: event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.
Source: osv

CVE-2009-4235 | P4 | MEDIUM | CVSS 6.9 | v1.0.4 | 2009-12-08
CVE-2009-4235 [MEDIUM]: acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.
Sources: nvd, osv