How severe is CVE-2023-24040?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-24040?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2023-24040 - HIGH Severity | CVSS 7.1

Vulnerability Description

dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Related Vulnerabilities

CVE-2017-18863

HIGH

CVSS:7.1(High)

Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earl...

CWE-742017

CVE-2021-43818

HIGH

CVSS:7.1(High)

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content ...

CWE-742021

CVE-2020-15238

HIGH

CVSS:7.0(High)

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depen...

CWE-742020

CVE-2020-27212

HIGH

CVSS:7.0(High)

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (li...

CWE-742020

CVE-2021-20509

HIGH

CVSS:7.0(High)

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file cont...

CWE-742021

CVE-2011-2538

HIGH

CVSS:7.2(High)

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.

CWE-742011