Aggregates CVE and security vulnerability intelligence across all augeas-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling, vendor risk buffer overflow, and vendor risk memory corruption, with potential vendor impact application crash across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-2588 | A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 4.8 | 0.03% | 2025-03-21 | 2025-04-01 |
| CVE-2017-7555 | Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | [email protected] | 9.8 | 1.24% | 2017-08-17 | 2026-05-13 |
| CVE-2013-6412 | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | [email protected] | 4.6 | 0.04% | 2014-01-23 | 2026-04-29 |
| CVE-2012-6607 | The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. | [email protected] | 3.3 | 0.05% | 2013-11-23 | 2026-04-29 |
| CVE-2012-0787 | The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option. | [email protected] | 3.7 | 0.12% | 2013-11-23 | 2026-04-29 |
| CVE-2012-0786 | The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. | [email protected] | 3.3 | 0.05% | 2013-11-23 | 2026-04-29 |