Vulnerability Description
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Almanah Project | Almanah | 0.9.0 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00080.html
- http://www.openwall.com/lists/oss-security/2013/03/13/1
- https://bugzilla.gnome.org/show_bug.cgi?id=695117
- https://bugzilla.redhat.com/show_bug.cgi?id=920848
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00080.html
- http://www.openwall.com/lists/oss-security/2013/03/13/1
- https://bugzilla.gnome.org/show_bug.cgi?id=695117
- https://bugzilla.redhat.com/show_bug.cgi?id=920848
FAQ
What is CVE-2013-1853?
CVE-2013-1853 is a vulnerability with a CVSS score of 2.1 (LOW). Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.
How severe is CVE-2013-1853?
CVE-2013-1853 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1853?
Check the references section above for vendor advisories and patch information. Affected products include: Almanah Project Almanah.