Skip to main content

Irods

4 CVEs product

Monthly

CVE-2024-38462 CRITICAL PATCH Act Now

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Irods
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38461 HIGH This Week

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-8799 CRITICAL PATCH Act Now

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Irods
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2012-5895 CRITICAL Act Now

Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD
CVSS 2.0
10.0
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Irods
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Irods
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy