CVE-2014-5255
https://notcve.org/view.php?id=CVE-2014-5255
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. • http://www.openwall.com/lists/oss-security/2014/08/15/4 http://www.securityfocus.com/bid/69020 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255 https://exchange.xforce.ibmcloud.com/vulnerabilities/95332 https://security-tracker.debian.org/tracker/CVE-2014-5255 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-19204 – oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
https://notcve.org/view.php?id=CVE-2019-19204
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. • https://github.com/ManhNDd/CVE-2019-19204 https://github.com/tarantula-team/CVE-2019-19204 https://github.com/kkos/oniguruma/issues/162 https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL ht • CWE-125: Out-of-bounds Read
CVE-2014-1936
https://notcve.org/view.php?id=CVE-2014-1936
rc before 1.7.1-5 insecurely creates temporary files. • http://www.openwall.com/lists/oss-security/2014/02/11/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737125 https://security-tracker.debian.org/tracker/CVE-2014-1936 • CWE-20: Improper Input Validation
CVE-2014-1935
https://notcve.org/view.php?id=CVE-2014-1935
9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. • http://www.openwall.com/lists/oss-security/2014/02/11/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206 https://security-tracker.debian.org/tracker/CVE-2014-1935 • CWE-20: Improper Input Validation
CVE-2014-0083
https://notcve.org/view.php?id=CVE-2014-0083
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083 https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a https://security-tracker.debian.org/tracker/CVE-2014-0083 • CWE-916: Use of Password Hash With Insufficient Computational Effort