CVSS: 7.5EPSS: 1%CPEs: 49EXPL: 1CVE-2013-2124
https://notcve.org/view.php?id=CVE-2013-2124
27 May 2014 — Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Vulnerabilidad de doble liberación en inspect-fs.c en LibguestFS 1.20.x anterior a 1.20.7, 1.21.x, 1.22.0 y 1.23.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de archivos de invitados vacíos. • http://osvdb.org/93724 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4419 – libguestfs: insecure temporary directory handling for guestfish's network socket
https://notcve.org/view.php?id=CVE-2013-4419
05 Nov 2013 — The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. El comando guestfish en libguestfs 1.20.12, 1.22.7 y anteriores versiones, cuando se usa la opción --remote o --listen, no comprueba adecuadamente la propied... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •