CVSS: 7.5EPSS: 0%CPEs: 174EXPL: 0CVE-2014-0471 – Ubuntu Security Notice USN-2183-1
https://notcve.org/view.php?id=CVE-2014-0471
28 Apr 2014 — Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." Vulnerabilidad de salto de directorio en la funcionalidad de desempaquetado en dpkg anterior a 1.15.9, 1.16.x anterior a 1.16.13 y 1.17.x anterior a 1.17.8 permite a atacantes remotos escribir archivos arbitrarios a través de un paquete fuente manipulado, re... • http://www.debian.org/security/2014/dsa-2915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3152
https://notcve.org/view.php?id=CVE-2011-3152
27 Apr 2014 — DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. Dist... • http://secunia.com/advisories/47024 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2405 – Ubuntu Security Notice USN-2191-1
https://notcve.org/view.php?id=CVE-2014-2405
25 Apr 2014 — Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462. Vulnerabilidad no especificada en OpenJDK 6 anterior a 6b31 en Debian GNU/Linux y Ubuntu 12.04 LTS y 10.04 LTS tiene impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2014-0462. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and av... • http://secunia.com/advisories/58415 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0462 – Ubuntu Security Notice USN-2191-1
https://notcve.org/view.php?id=CVE-2014-0462
25 Apr 2014 — Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. Vulnerabilidad no especificada en OpenJDK 6 anterior a 6b31 en Debian GNU/Linux y Ubuntu 12.04 LTS y 10.04 LTS tiene impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2014-2405. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and av... • http://secunia.com/advisories/58415 •
CVSS: 5.6EPSS: 6%CPEs: 28EXPL: 1CVE-2014-0472 – python-django: unexpected code execution using reverse()
https://notcve.org/view.php?id=CVE-2014-0472
22 Apr 2014 — The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." La función django.core.urlresolvers.reverse en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 permite a atacantes remotos importar y ejecutar módulos Python ar... • https://github.com/christasa/CVE-2014-0472 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0CVE-2014-0473 – python-django: caching of anonymous pages could reveal CSRF token
https://notcve.org/view.php?id=CVE-2014-0473
22 Apr 2014 — The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. La plataforma de caché en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 reutiliza un token de CSRF en caché para todos los usuarios anónimos, lo que permite a atacantes remotos evadir... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 5%CPEs: 28EXPL: 0CVE-2014-0474 – python-django: MySQL typecasting
https://notcve.org/view.php?id=CVE-2014-0474
22 Apr 2014 — The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." Las clases de campo de modelo (1) FilePathField, (2) GenericIPAddressField y (3) IPAddressField en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a1.6.3 y 1.7.x ante... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3154
https://notcve.org/view.php?id=CVE-2011-3154
17 Apr 2014 — DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. DistUpgrade/DistUpgradeViewKDE.py en Update Manager anterior a 1:0.87.31.1, 1:0.134.x anterior a 1:0.134.11.1, 1:0.142.x anterior a 1:0.142.23.1, 1:0.150.... • http://secunia.com/advisories/47024 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2014-2398 – OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
https://notcve.org/view.php?id=CVE-2014-2398
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JavaFX 2.2.51; y JRockit R27.8.1 y R28.3.1 permite a usuarios autenticados remotamente afectar a la integridad a través de vectores relacionados con Javadoc. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime E... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2014-2403 – OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)
https://notcve.org/view.php?id=CVE-2014-2403
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JAXP. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •