CVE-2014-2524
https://notcve.org/view.php?id=CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
References:
• http://advisories.mageia.org/MGASA-2014-0319.html
• http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
• http://seclists.org/oss-sec/2014/q1/579
• http://seclists.org/oss-sec/2014/q1/587
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:154
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:132
• https://bugzilla.redhat.com/show_bug.cgi?id=1077023
• https://lists.fedorapr
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2014-3429
https://notcve.org/view.php?id=CVE-2014-3429
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
References:
• http://advisories.mageia.org/MGASA-2014-0320.html
• http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
• http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html
• http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
• http://seclists.org/oss-sec/2014/q3/152
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:160
• https://bugzilla.redhat.com/show_bug.cgi?id=1119890
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94497
• https://github.com/ipython/ipyth
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-4159
https://notcve.org/view.php?id=CVE-2013-4159
ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.
References:
• http://advisories.mageia.org/MGASA-2014-0274.html
• http://lists.opensuse.org/opensuse-updates/2014-06/msg00052.html
• http://wiki.samba.org/index.php/CTDB2releaseNotes#ctdb_2.5
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:177
• http://www.openwall.com/lists/oss-security/2014/05/29/12
• https://bugzilla.redhat.com/show_bug.cgi?id=986773
• https://git.samba.org/?p=ctdb.git%3Ba=commitdiff%3Bh=b9b9f6738fba5c32e87cb9c36b358355b444fb9b
CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4043 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2014-4043
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
References:
• http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
• http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
• http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
• http://seclists.org/fulldisclosure/2019/Jun/18
• http://seclists.org/fulldisclosure/2019/Sep/7
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
• http://www.securityfocus.com/bid/68006
• https://bugzil
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-5177 – libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
https://notcve.org/view.php?id=CVE-2014-5177
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine-grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system.
References:
• http://libvirt.org/news.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
• http://rhn.redhat.com/errata/RHSA-2014-0560.html
• http://secunia.com/advisories/60895
• http://security.gentoo.org/glsa/glsa-201412-04.xml
• http://security.libvirt.org/2014/0003.html
• http://www.ubuntu.com/usn/USN-2366-1
• https://access.redhat.com/security/cve/CVE-2014-5177
• https://bugzilla.redhat.com/show_bug.cg
CWE-20: Improper Input Validation
CWE-611: Improper Restriction of XML External Entity Reference