Vulnerabilities > Sleuthkit

DATE CVE VULNERABILITY TITLE RISK
2023-01-24 CVE-2022-45639 OS Command Injection vulnerability in Sleuthkit the Sleuth KIT 4.11.1
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.
local
low complexity
sleuthkit CWE-78
7.8
2020-03-09 CVE-2020-10233 Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
network
low complexity
sleuthkit CWE-125
critical
9.1
2020-03-09 CVE-2020-10232 Out-of-bounds Write vulnerability in multiple products
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
network
low complexity
sleuthkit debian fedoraproject CWE-787
critical
9.8
2019-08-02 CVE-2019-14532 Off-by-one Error vulnerability in multiple products
An issue was discovered in The Sleuth Kit (TSK) 4.6.6.
network
low complexity
sleuthkit fedoraproject CWE-193
critical
9.8
2019-08-02 CVE-2019-14531 Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT 4.6.6
An issue was discovered in The Sleuth Kit (TSK) 4.6.6.
network
low complexity
sleuthkit CWE-125
critical
9.8
2019-07-18 CVE-2019-1010065 Integer Overflow or Wraparound vulnerability in multiple products
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow.
network
low complexity
sleuthkit fedoraproject debian CWE-190
6.5
2018-12-20 CVE-2018-1000838 XXE vulnerability in Sleuthkit Autopsy
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
network
low complexity
sleuthkit CWE-611
critical
10.0
2018-11-29 CVE-2018-19497 Out-of-bounds Read vulnerability in multiple products
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
network
low complexity
sleuthkit debian fedoraproject CWE-125
6.5
2018-06-05 CVE-2018-11740 Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.
network
low complexity
sleuthkit CWE-125
8.1
2018-06-05 CVE-2018-11739 Out-of-bounds Read vulnerability in Sleuthkit the Sleuth KIT
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1.
network
low complexity
sleuthkit CWE-125
8.1