CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-4608 – kernel: lzo1x_decompress_safe() integer overflow
https://notcve.org/view.php?id=CVE-2014-4608
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. ** DISPUTADA ** Múltiples desbordamientos de enteros en la función lzo1x_decompress_safe en lib/lzo/lzo1x_decompress_safe.c en el descompresor LZO en el kernel de Linux anterior a 3.15.2 permiten a atacantes dependientes de contexto causar una denegación de servicio (corrupción de memoria) a través de un 'Literal Run' manipulado. NOTA: el autor de los algoritmos LZO algorithms dice que 'el kernel de Linux *no* está afectado; sensacionalismo periodístico.' An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisori • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 3CVE-2014-0476 – Chkrootkit - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option. La función slapper en chkrootkit anterior a 0.50 no cita debidamente las rutas de los ficheros de citas, lo que permite a usuarios locales ejecutar código arbitrario a través de un troyano ejecutable. NOTA: esto solamente es una vulnerabilidad cuando /tmp no está montado con la opción noexec. Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. • https://www.exploit-db.com/exploits/38775 https://www.exploit-db.com/exploits/33899 http://osvdb.org/show/osvdb/107710 http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html http://www.chkrootkit.org http://www.debian.org/security/2014/dsa-2945 http://www.openwall.com/lists/oss-security/2014/06/04/9 http://www.ubuntu.com/usn/USN-2230-1 https://security.gentoo.org/glsa/201709-05 https://seclists.org/oss-sec/2014/q2/430 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0CVE-2012-6648
https://notcve.org/view.php?id=CVE-2012-6648
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue. gdm/guest-session-cleanup.sh en gdm-guest-session 0.24 y anteriores, utilizado en Ubuntu Linux 10.04 LTS, 10.10 y 11.04, permite a usuarios locales eliminar archivos arbitrarios a través de un espacio en el nombre de un archivo en /tmp. NOTA: este identificador fue dividido (SPLIT) de CVE-2012-0943 por ADT1/ADT2 debido a bases de código y versiones afectadas diferentes. CVE-2012-0943 se utiliza para el asunto guest-account. • http://ubuntu.com/usn/usn-1399-1 https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044 https://launchpadlibrarian.net/96474113/gdm-guest-session.secure-cleanup.debdiff • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2014-3730
https://notcve.org/view.php?id=CVE-2014-3730
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." La función django.util.http.is_safe_url en Django 1.4 anterior a 1.4.13, 1.5 anterior a 1.5.8, 1.6 anterior a 1.6.5 y 1.7 anterior a 1.7b4 no valida debidamente URLs, lo que permite a atacantes remotos realizar ataques de redirección abierta a través de una URL malformada, tal y como fue demostrado por 'http:\\\djangoproject.com.' • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://secunia.com/advisories/61281 http://ubuntu.com/usn/usn-2212-1 http://www.debian.org/security/2014/dsa-2934 http://www.openwall.com/lists/oss-security/2014/05/14/10 http://www.openwall.com/lists/oss-security/2014/05/15/3 http://www.securityfocus.com/bid/67410 https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 39EXPL: 0CVE-2014-1418
https://notcve.org/view.php?id=CVE-2014-1418
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. Django 1.4 anterior a 1.4.13, 1.5 anterior a 1.5.8, 1.6 anterior a 1.6.5 y 1.7 anterior a 1.7b4 no incluye debidamente la cabecera (1) Vary: Cookie o (2) Cache-Control en respuestas, lo que permite a atacantes remotos obtener información sensible o envenenar la caché a través de una solicitud de ciertos navegadores. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://secunia.com/advisories/61281 http://ubuntu.com/usn/usn-2212-1 http://www.debian.org/security/2014/dsa-2934 http://www.openwall.com/lists/oss-security/2014/05/14/10 http://www.openwall.com/lists/oss-security/2014/05/15/3 https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued •