CVSS: 7.5EPSS: 0%CPEs: 174EXPL: 0CVE-2014-0471 – Ubuntu Security Notice USN-2183-1
https://notcve.org/view.php?id=CVE-2014-0471
28 Apr 2014 — Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." Vulnerabilidad de salto de directorio en la funcionalidad de desempaquetado en dpkg anterior a 1.15.9, 1.16.x anterior a 1.16.13 y 1.17.x anterior a 1.17.8 permite a atacantes remotos escribir archivos arbitrarios a través de un paquete fuente manipulado, re... • http://www.debian.org/security/2014/dsa-2915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3152
https://notcve.org/view.php?id=CVE-2011-3152
27 Apr 2014 — DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. Dist... • http://secunia.com/advisories/47024 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0462 – Ubuntu Security Notice USN-2191-1
https://notcve.org/view.php?id=CVE-2014-0462
25 Apr 2014 — Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. Vulnerabilidad no especificada en OpenJDK 6 anterior a 6b31 en Debian GNU/Linux y Ubuntu 12.04 LTS y 10.04 LTS tiene impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2014-2405. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and av... • http://secunia.com/advisories/58415 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2405 – Ubuntu Security Notice USN-2191-1
https://notcve.org/view.php?id=CVE-2014-2405
25 Apr 2014 — Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462. Vulnerabilidad no especificada en OpenJDK 6 anterior a 6b31 en Debian GNU/Linux y Ubuntu 12.04 LTS y 10.04 LTS tiene impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2014-0462. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and av... • http://secunia.com/advisories/58415 •
CVSS: 5.6EPSS: 6%CPEs: 28EXPL: 1CVE-2014-0472 – python-django: unexpected code execution using reverse()
https://notcve.org/view.php?id=CVE-2014-0472
22 Apr 2014 — The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." La función django.core.urlresolvers.reverse en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 permite a atacantes remotos importar y ejecutar módulos Python ar... • https://github.com/christasa/CVE-2014-0472 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 5%CPEs: 28EXPL: 0CVE-2014-0474 – python-django: MySQL typecasting
https://notcve.org/view.php?id=CVE-2014-0474
22 Apr 2014 — The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." Las clases de campo de modelo (1) FilePathField, (2) GenericIPAddressField y (3) IPAddressField en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a1.6.3 y 1.7.x ante... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0CVE-2014-0473 – python-django: caching of anonymous pages could reveal CSRF token
https://notcve.org/view.php?id=CVE-2014-0473
22 Apr 2014 — The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. La plataforma de caché en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 reutiliza un token de CSRF en caché para todos los usuarios anónimos, lo que permite a atacantes remotos evadir... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3154
https://notcve.org/view.php?id=CVE-2011-3154
17 Apr 2014 — DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. DistUpgrade/DistUpgradeViewKDE.py en Update Manager anterior a 1:0.87.31.1, 1:0.134.x anterior a 1:0.134.11.1, 1:0.142.x anterior a 1:0.142.23.1, 1:0.150.... • http://secunia.com/advisories/47024 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 0CVE-2014-2423 – OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
https://notcve.org/view.php?id=CVE-2014-2423
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JAX-WS, una vulnerabilidad diferen... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2014-2412 – OpenJDK: AWT thread context handling (AWT, 8025010)
https://notcve.org/view.php?id=CVE-2014-2412
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, SE 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con AWT, una vulnerabilidad diferente... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •