CVE-2010-2246

Published May 26, 2011

Last updated 5 years ago

CVSS info 5.1

Overview

Description: feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09377B37-329A-488D-9E9E-526A8DAF5B3B",
            "versionEndIncluding": "1.7"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94B06044-431D-436A-968A-E63DA7C98313"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:0.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A8F51C2-220C-42D9-835E-F50449AB0AD6"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:0.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB81F274-614A-4777-A09F-7F18EEE5E560"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:0.9.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAE1BC5D-D4F3-485E-AFE3-94C81F5A783A"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F983BC56-E0D3-4C51-B2BF-D6FB62E65687"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24992069-559D-4766-8CE3-A8E652612C52"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DF9DF47-988E-43BE-AB93-65298CA2B3EE"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75375308-34D2-43AD-A375-3805D2CD832A"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6A1208D-7E71-45D0-B7AD-D9E3FB838B0D"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "383331D2-5F26-4973-8060-F5032E70D5E2"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21A561E5-B316-4E9D-AFF5-9B5BD622BEE0"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E54259EE-FDD6-4CFB-BCAF-D50C5F486EC1"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AAFE373-EDD7-4BC6-8EAB-745B7016D402"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB3EDBBE-075E-4E22-9B8D-5847813B1E9F"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7F42B57-48F8-4829-9199-90CDDA81E20A"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D326B0BC-9573-4363-B82C-E35E06216D3E"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E301ACD-A495-49B4-BF0A-99BF6E580B25"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49068803-44F8-43FA-80F7-D358D62304DC"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8DD385F-EAD2-4A9B-A14B-8623834FE5FA"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC289CF0-2FA5-407A-8F24-CB90C36AA27B"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F369ACF2-5BDC-4157-9838-B7E364E3034E"
          },
          {
            "criteria": "cpe:2.3:a:feh_project:feh:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB4AD21D-3F70-4507-AC69-2DB1D436A4F7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References