CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 1CVE-2014-5255
https://notcve.org/view.php?id=CVE-2014-5255
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. xcfa versiones anteriores a 5.0.1, crea archivos temporales de forma no segura, lo que podría permitir a usuarios locales iniciar un ataque de tipo symlink y sobrescribir archivos arbitrarios. Nota: Una vulnerabilidad diferente de CVE-2014-5254. • http://www.openwall.com/lists/oss-security/2014/08/15/4 http://www.securityfocus.com/bid/69020 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255 https://exchange.xforce.ibmcloud.com/vulnerabilities/95332 https://security-tracker.debian.org/tracker/CVE-2014-5255 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2014-5254
https://notcve.org/view.php?id=CVE-2014-5254
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. xcfa versiones anteriores a 5.0.1, crea archivos temporales de forma no segura, lo que podría permitir a usuarios locales iniciar un ataque de tipo symlink y sobrescribir archivos arbitrarios. • http://www.openwall.com/lists/oss-security/2014/08/15/4 http://www.securityfocus.com/bid/69020 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600 https://exchange.xforce.ibmcloud.com/vulnerabilities/95331 https://security-tracker.debian.org/tracker/CVE-2014-5254 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •