CVSS: 7.8EPSS: 2%CPEs: 85EXPL: 0CVE-2014-3169 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3169
27 Aug 2014 — Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. Vulnerabilidad de uso después de liberación en core/dom/ContainerNode.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar ... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 5.8EPSS: 0%CPEs: 42EXPL: 0CVE-2014-0480 – Mandriva Linux Security Advisory 2014-179
https://notcve.org/view.php?id=CVE-2014-0480
25 Aug 2014 — The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated. La función core.urlresolvers.reverse en Django anterior a 1.4.14, 1.5.x anterior a 1.5.9, 1.6.x anterior a 1.6.6, y 1.7 anterior a release candidate 3 no valida debidamente las URLs, lo que permi... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 43EXPL: 0CVE-2014-0481 – Mandriva Linux Security Advisory 2014-179
https://notcve.org/view.php?id=CVE-2014-0481
25 Aug 2014 — The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name. La configuración por defecto para el sistema del manejo de la subida de ficheros en Django anterior a 1.4.14, 1.5.x anterior a ... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-399: Resource Management Errors •
CVSS: 6.0EPSS: 0%CPEs: 42EXPL: 0CVE-2014-0482 – Mandriva Linux Security Advisory 2014-179
https://notcve.org/view.php?id=CVE-2014-0482
25 Aug 2014 — The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. El middleware contrib.auth.middleware.RemoteUserMiddleware en Django anterior a 1.4.14, 1.5.x anterior a 1.5.9, 1.6.x anterior a 1.6.6, y 1.7 anterior a release candidate 3, cuando ut... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-287: Improper Authentication •
CVSS: 3.5EPSS: 0%CPEs: 42EXPL: 1CVE-2014-0483 – Mandriva Linux Security Advisory 2014-179
https://notcve.org/view.php?id=CVE-2014-0483
25 Aug 2014 — The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. La interfaz administrativa (contrib.admin) en Django anterior a 1.4.14, 1.5.x anterior a 1.5.... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 1%CPEs: 72EXPL: 0CVE-2014-3522 – Ubuntu Security Notice USN-2316-1
https://notcve.org/view.php?id=CVE-2014-3522
14 Aug 2014 — The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. La capa Serf RA en Apache Subversion 1.4.0 hasta 1.7.x anterior a 1.7.18 y 1.8.x anterior a 1.8.10 no maneja debidamente los comodines (wildcards) en el campo Common Name (CN) o subjectAltName de un certificado X.509, lo ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 7.4EPSS: 3%CPEs: 103EXPL: 0CVE-2014-3528 – subversion: credentials leak via MD5 collision
https://notcve.org/view.php?id=CVE-2014-3528
14 Aug 2014 — Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2014-2524 – Mandriva Linux Security Advisory 2014-154
https://notcve.org/view.php?id=CVE-2014-2524
08 Aug 2014 — The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. La función _rl_tropen en util.c en GNU readline anterior a 6.3 patch 3 permite a usuarios locales crear o sobrescribir ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero /var/tmp/rltrace.[PID]. Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. • http://advisories.mageia.org/MGASA-2014-0319.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4159 – Mandriva Linux Security Advisory 2015-177
https://notcve.org/view.php?id=CVE-2013-4159
06 Aug 2014 — ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h. ctdb anterior a 2.3 en OpenSUSE 12.3 y 13.1 no crea ficheros temporales con seguridad, lo que tiene un impacto no especificado relacionado con 'varias vulnerabilidades de ficheros temporales' en (1) tcp/tcp_connect... • http://advisories.mageia.org/MGASA-2014-0274.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-5177 – libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
https://notcve.org/view.php?id=CVE-2014-5177
03 Aug 2014 — libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreat... • http://libvirt.org/news.html • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference •