CVE-2014-2524
https://notcve.org/view.php?id=CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. La función _rl_tropen en util.c en GNU readline anterior a 6.3 patch 3 permite a usuarios locales crear o sobrescribir ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero /var/tmp/rltrace.[PID]. • http://advisories.mageia.org/MGASA-2014-0319.html http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html http://seclists.org/oss-sec/2014/q1/579 http://seclists.org/oss-sec/2014/q1/587 http://www.mandriva.com/security/advisories?name=MDVSA-2014:154 http://www.mandriva.com/security/advisories?name=MDVSA-2015:132 https://bugzilla.redhat.com/show_bug.cgi?id=1077023 https://lists.fedorapr • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2014-3429
https://notcve.org/view.php?id=CVE-2014-3429
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. IPython Notebook 0.12 hasta 1.x anterior a 1.2 no valida el origen de las solicitudes de Websockets, lo que permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de conocimiento del kernel id y una página manipulada. • http://advisories.mageia.org/MGASA-2014-0320.html http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198 http://seclists.org/oss-sec/2014/q3/152 http://www.mandriva.com/security/advisories?name=MDVSA-2015:160 https://bugzilla.redhat.com/show_bug.cgi?id=1119890 https://exchange.xforce.ibmcloud.com/vulnerabilities/94497 https://github.com/ipython/ipyth • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-4159
https://notcve.org/view.php?id=CVE-2013-4159
ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h. ctdb anterior a 2.3 en OpenSUSE 12.3 y 13.1 no crea ficheros temporales con seguridad, lo que tiene un impacto no especificado relacionado con 'varias vulnerabilidades de ficheros temporales' en (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace y (5) include/ctdb_private.h. • http://advisories.mageia.org/MGASA-2014-0274.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00052.html http://wiki.samba.org/index.php/CTDB2releaseNotes#ctdb_2.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:177 http://www.openwall.com/lists/oss-security/2014/05/29/12 https://bugzilla.redhat.com/show_bug.cgi?id=986773 https://git.samba.org/?p=ctdb.git%3Ba=commitdiff%3Bh=b9b9f6738fba5c32e87cb9c36b358355b444fb9b • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3532
https://notcve.org/view.php?id=CVE-2014-3532
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6, cuando funciona en Linux 2.6.37-rc4 o posteriores, permite a usuarios locales causar una denegación de servicio (desconexión del bus del sistema de otros servicios o aplicaciones) mediante el envío de un mensaje que contiene un descriptor de ficheros, y posteriormente el exceso en la profundidad máxima de recursión antes de enviar el mensaje inicial. • http://advisories.mageia.org/MGASA-2014-0294.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://openwall.com/lists/oss-security/2014/07/02/4 http://secunia.com/advisories/59611 http://secunia.com/advisories/59798 http://secunia.com/advisories/60236 http://www.debian.org/security/2014/dsa-2971 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://bugs.freedes • CWE-20: Improper Input Validation •
CVE-2014-3533
https://notcve.org/view.php?id=CVE-2014-3533
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegación de servicio (desconexión) a través de cierta secuencias de mensajes manipulados que causan que el demonio de dbus reenvíe un mensaje que contiene un descriptor de ficheros inválido. • http://advisories.mageia.org/MGASA-2014-0294.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://openwall.com/lists/oss-security/2014/07/02/4 http://secunia.com/advisories/59611 http://secunia.com/advisories/59798 http://secunia.com/advisories/60236 http://www.debian.org/security/2014/dsa-2971 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://bugs.freedes • CWE-20: Improper Input Validation •