Advancedintrusiondetectionenvironmentproject Advanced Intrusion Detection Environment
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Advancedintrusiondetectionenvironmentproject Advanced Intrusion Detection Environment.
By the Year
In 2025 there have been 2 vulnerabilities in Advancedintrusiondetectionenvironmentproject Advanced Intrusion Detection Environment with an average score of 6.2 out of ten. Advanced Intrusion Detection Environment did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 2 | 6.20 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.80 |
It may take a day or so for new Advanced Intrusion Detection Environment vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Advancedintrusiondetectionenvironmentproject Advanced Intrusion Detection Environment Security Vulnerabilities
AIDE 0.13–0.19.1 NPE crash via invalid xattrs local DoS, fixed in 0.19.2
CVE-2025-54409
6.2 - Medium
- August 14, 2025
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.
NULL Pointer Dereference
AIDE 0.19.2: Improper Output Neutralization in File Reports (CVE-2025-54389)
CVE-2025-54389
6.2 - Medium
- August 14, 2025
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file.
Improper Output Neutralization for Logs
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs)
CVE-2021-45417
7.8 - High
- January 20, 2022
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Advancedintrusiondetectionenvironmentproject Advanced Intrusion Detection Environment or by Advancedintrusiondetectionenvironmentproject? Click the Watch button to subscribe.
