Vulnerabilities related to mageia_project - mageia
CVE-2014-3533 (GCVE-0-2014-3533)
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 10:50
CWE
- n/a
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:16.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" 
} ] } ], "datePublic": "2014-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-12T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "59798", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2971" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59798", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59798" }, { "name": "59611", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59611" }, { "name": "openSUSE-SU-2014:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "name": "60236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60236" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80469", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "name": "http://advisories.mageia.org/MGASA-2014-0294.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "DSA-2971", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=79694", "refsource": 
"CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "name": "MDVSA-2015:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3533", "datePublished": "2014-07-19T19:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8763 (GCVE-0-2014-8763)
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
CWE
- n/a
Summary
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a 
password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "refsource": "MLIST", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983" }, { "name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "name": "https://github.com/splitbrain/dokuwiki/pull/868", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8763", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8764 (GCVE-0-2014-8764)
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
CWE
- n/a
Summary
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication 
via a user name and password starting with a null (\\0) character, which triggers an anonymous bind." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "refsource": "MLIST", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983" }, { "name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "name": "https://github.com/splitbrain/dokuwiki/pull/868", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8764", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3422 (GCVE-0-2014-3422)
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:05.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "CONFIRM", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3422", "datePublished": "2014-05-08T10:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:43:05.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9039 (GCVE-0-2014-9039)
Vulnerability from cvelistv5
Published
2014-11-25 23:00
Modified
2024-08-06 13:33
CWE
- n/a
Summary
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:13.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3085", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3085" }, { "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://core.trac.wordpress.org/changeset/30431" }, { "name": "1031243", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031243" }, { "name": "MDVSA-2014:233", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-28T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3085", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3085" }, { "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://core.trac.wordpress.org/changeset/30431" }, { "name": "1031243", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031243" }, { "name": "MDVSA-2014:233", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3085", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3085" }, { "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "name": "http://advisories.mageia.org/MGASA-2014-0493.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "name": "http://core.trac.wordpress.org/changeset/30431", "refsource": "CONFIRM", "url": "http://core.trac.wordpress.org/changeset/30431" }, { "name": "1031243", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031243" }, { "name": "MDVSA-2014:233", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9039", "datePublished": "2014-11-25T23:00:00", "dateReserved": "2014-11-20T00:00:00", "dateUpdated": "2024-08-06T13:33:13.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9037 (GCVE-0-2014-9037)
Vulnerability from cvelistv5
Published
2014-11-25 23:00
Modified
2024-08-06 13:33
CWE
- n/a
Summary
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:13.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3085", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3085" }, { "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "name": "1031243", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031243" }, { "name": "MDVSA-2014:233", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-28T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3085", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3085" }, { "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "name": "1031243", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031243" }, { "name": "MDVSA-2014:233", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9037", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3085", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3085" }, { "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "name": "http://advisories.mageia.org/MGASA-2014-0493.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "name": "1031243", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031243" }, { "name": "MDVSA-2014:233", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9037", "datePublished": "2014-11-25T23:00:00", "dateReserved": "2014-11-20T00:00:00", "dateUpdated": "2024-08-06T13:33:13.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-2296 (GCVE-0-2015-2296)
Vulnerability from cvelistv5
Published
2015-03-18 16:00
Modified
2024-08-06 05:10
CWE
- n/a
Summary
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:10:16.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/15/1" }, { "name": "FEDORA-2015-4084", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html" }, { "name": "MDVSA-2015:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" }, { "name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/14/4" }, { "name": "USN-2531-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2531-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0120.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://warehouse.python.org/project/requests/2.6.0/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-21T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/15/1" }, { "name": "FEDORA-2015-4084", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html" }, { "name": "MDVSA-2015:133", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" }, { "name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/14/4" }, { "name": "USN-2531-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2531-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0120.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://warehouse.python.org/project/requests/2.6.0/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The resolve_redirects function in sessions.py in requests 
2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/15/1" }, { "name": "FEDORA-2015-4084", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html" }, { "name": "MDVSA-2015:133", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" }, { "name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/14/4" }, { "name": "USN-2531-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2531-1" }, { "name": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc", "refsource": "CONFIRM", "url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc" }, { "name": "http://advisories.mageia.org/MGASA-2015-0120.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0120.html" }, { "name": "https://warehouse.python.org/project/requests/2.6.0/", "refsource": "CONFIRM", "url": "https://warehouse.python.org/project/requests/2.6.0/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2296", "datePublished": "2015-03-18T16:00:00", "dateReserved": "2015-03-14T00:00:00", "dateUpdated": "2024-08-06T05:10:16.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3424 (GCVE-0-2014-3424)
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:05.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3424", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html" }, { "name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "CONFIRM", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3424", "datePublished": "2014-05-08T10:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:43:05.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9274 (GCVE-0-2014-9274)
Vulnerability from cvelistv5
Published
2014-12-09 22:52
Modified
2024-08-06 13:40
CWE
- n/a
Summary
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0533.html" }, { "name": "62811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62811" }, { "name": "FEDORA-2014-17281", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html" }, { "name": "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15" }, { "name": "DSA-3158", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3158" }, { "name": "MDVSA-2015:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007" }, { "name": "71430", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71430" }, { "name": "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html" }, { "name": "GLSA-201507-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201507-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2014-11-24T00:00:00", "descriptions": [ { "lang": "en", "value": "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0533.html" }, { "name": "62811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62811" }, { "name": "FEDORA-2014-17281", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html" }, { "name": "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15" }, { "name": "DSA-3158", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3158" }, { "name": "MDVSA-2015:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007" }, { "name": "71430", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71430" }, { "name": "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html" }, { "name": "GLSA-201507-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201507-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://advisories.mageia.org/MGASA-2014-0533.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0533.html" }, { "name": "62811", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62811" }, { "name": "FEDORA-2014-17281", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html" }, { "name": "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15" }, { "name": "DSA-3158", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3158" }, { "name": "MDVSA-2015:007", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007" }, { "name": "71430", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71430" }, { "name": "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html" }, { "name": "GLSA-201507-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-06" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233", "refsource": "CONFIRM", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1170233" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9274", "datePublished": "2014-12-09T22:52:00", "dateReserved": "2014-12-04T00:00:00", "dateUpdated": "2024-08-06T13:40:24.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3421 (GCVE-0-2014-3421)
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:05.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" }, { "name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "CONFIRM", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3421", "datePublished": "2014-05-08T10:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:43:05.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3423 (GCVE-0-2014-3423)
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-08T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" }, { "name": "MDVSA-2015:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "name": "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" }, { "name": "MDVSA-2015:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "name": "http://advisories.mageia.org/MGASA-2014-0250.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", "refsource": "MISC", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3423", "datePublished": "2014-05-08T10:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:43:06.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-7824 (GCVE-0-2014-7824)
Vulnerability from cvelistv5
Published
2014-11-18 15:00
Modified
2024-08-06 13:03
CWE
- n/a
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:03:27.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "name": "62603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62603" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "name": "dbus-cve20147824-dos(98576)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "name": "71012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71012" }, { "name": "USN-2425-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "name": "DSA-3099", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3099" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection 
drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "name": "62603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62603" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "name": "dbus-cve20147824-dos(98576)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "name": "71012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71012" }, { "name": "USN-2425-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "name": "DSA-3099", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3099" }, { "name": "MDVSA-2015:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-7824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "name": "62603", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62603" }, { "name": "http://advisories.mageia.org/MGASA-2014-0457.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "name": "https://bugs.freedesktop.org/show_bug.cgi?id=85105", "refsource": "CONFIRM", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "name": "dbus-cve20147824-dos(98576)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "name": "71012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71012" }, { "name": "USN-2425-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "name": "DSA-3099", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3099" }, { "name": "MDVSA-2015:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-7824", "datePublished": "2014-11-18T15:00:00", "dateReserved": "2014-10-03T00:00:00", "dateUpdated": "2024-08-06T13:03:27.015Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4668 (GCVE-0-2014-4668)
Vulnerability from cvelistv5
Published
2014-07-02 01:00
Modified
2024-08-06 11:27
CWE
- n/a
Summary
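The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Note: under RFC 4513 (section 5.1.2), an LDAP simple bind that carries a non-empty DN and a zero-length password is an "unauthenticated bind", which a directory server may answer with success without verifying any credential. An application that treats bind success as proof of the password therefore has to reject empty passwords before it binds. Directory servers can additionally be configured to refuse unauthenticated binds.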
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:35.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68249", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68249" }, { "name": "[oss-security] 20140628 Re: CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "name": "FEDORA-2015-6392", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "name": "MDVSA-2015:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "name": "FEDORA-2015-6279", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "name": "[oss-security] 20140628 CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "name": "FEDORA-2015-6194", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0181.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The 
cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "68249", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68249" }, { "name": "[oss-security] 20140628 Re: CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "name": "FEDORA-2015-6392", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "name": "MDVSA-2015:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "name": "FEDORA-2015-6279", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "name": "[oss-security] 20140628 CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "name": "FEDORA-2015-6194", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0181.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": 
"CVE-2014-4668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68249", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68249" }, { "name": "[oss-security] 20140628 Re: CVE request / advisory: Cherokee", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "name": "FEDORA-2015-6392", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "name": "MDVSA-2015:225", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "name": "FEDORA-2015-6279", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "name": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88", "refsource": "CONFIRM", "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "name": "[oss-security] 20140628 CVE request / advisory: Cherokee", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "name": "FEDORA-2015-6194", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "name": 
"http://advisories.mageia.org/MGASA-2015-0181.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0181.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4668", "datePublished": "2014-07-02T01:00:00", "dateReserved": "2014-06-26T00:00:00", "dateUpdated": "2024-08-06T11:27:35.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2014-12-09 23:59
Modified
2025-04-12 10:46
Summary
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
unrtf_project | unrtf | * | |
fedoraproject | fedora | 21 | |
mageia_project | mageia | 4 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unrtf_project:unrtf:*:*:*:*:*:*:*:*", "matchCriteriaId": "72B3570E-3CA9-47E3-9A6B-7A065C610F7C", "versionEndIncluding": "0.21.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "27086E40-75A5-4C4A-AD20-8D9B1EBB31C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\"." }, { "lang": "es", "value": "UnRTF permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario tal y como fue demostrado por un fichero que conten\u00eda la cadena \u0027{\\cb-999999999\u0027." 
} ], "id": "CVE-2014-9274", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-09T23:59:10.037", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0533.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62811" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3158" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71430" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201507-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201507-06" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2025-04-12 10:46
Summary
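DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Note: this is the same unauthenticated-bind class as an empty password. A value that begins with a NUL byte passes a "password is not empty" check in the application, yet presumably reaches the directory as a zero-length password. Input validation for LDAP-backed logins should therefore reject passwords containing NUL bytes as well as empty ones, and the directory should refuse unauthenticated binds where that can be configured.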
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
mageia_project | mageia | 3.0 | |
mageia_project | mageia | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA33BE6C-F00C-4A78-9136-EBBF9643B4F2", "versionEndIncluding": "2014-05-05a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind." }, { "lang": "es", "value": "DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticaci\u00f3n LDAP, permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a que empiece por un caracter nulo (\\0) y un nombre de usuario v\u00e1lido, lo que provoca un bind no autenticado." 
} ], "id": "CVE-2014-8763", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:08.373", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "secalert@redhat.com", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/pull/868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-19 19:55
Modified
2025-04-12 10:46
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
freedesktop | dbus | 1.3.0 | |
freedesktop | dbus | 1.3.1 | |
freedesktop | dbus | 1.4.0 | |
freedesktop | dbus | 1.4.1 | |
freedesktop | dbus | 1.4.4 | |
freedesktop | dbus | 1.4.6 | |
freedesktop | dbus | 1.4.8 | |
freedesktop | dbus | 1.4.10 | |
freedesktop | dbus | 1.4.12 | |
freedesktop | dbus | 1.4.14 | |
freedesktop | dbus | 1.4.16 | |
freedesktop | dbus | 1.4.18 | |
freedesktop | dbus | 1.4.20 | |
freedesktop | dbus | 1.4.22 | |
freedesktop | dbus | 1.4.24 | |
freedesktop | dbus | 1.4.26 | |
freedesktop | dbus | 1.5.0 | |
freedesktop | dbus | 1.5.2 | |
freedesktop | dbus | 1.5.4 | |
freedesktop | dbus | 1.5.6 | |
freedesktop | dbus | 1.5.8 | |
freedesktop | dbus | 1.5.10 | |
freedesktop | dbus | 1.5.12 | |
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B154C1-28B1-4C8F-8D18-9A015CE81C25", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "357042A5-6CB3-44FD-AFAA-F626BBBA6747", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A2126812-E627-4514-8895-177F6A139B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA8D645B-19A4-4AF5-A667-C95F90B8F282", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E5358-8466-4D3A-8AE4-3EE55700140D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B175C3A-44FC-4069-99F4-CFF78DAF6C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "36C6830D-92D2-49EC-BD13-BA7EE7720E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "3E33E9B8-4543-46D0-837B-DCCAC25C47E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "831CFD41-47B0-4920-B118-7AD2CAFBFA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of 
service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor." }, { "lang": "es", "value": "dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegaci\u00f3n de servicio (desconexi\u00f3n) a trav\u00e9s de cierta secuencias de mensajes manipulados que causan que el demonio de dbus reenv\u00ede un mensaje que contiene un descriptor de ficheros inv\u00e1lido." } ], "id": "CVE-2014-3533", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-19T19:55:08.013", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59611" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59798" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60236" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "secalert@redhat.com", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0294.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/07/02/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-02 04:14
Modified
2025-04-12 10:46
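Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, as given in this record's cvssMetricV2)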
Summary
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 | |
mageia_project | mageia | 4 | |
cherokee-project | cherokee | * | |
cherokee-project | cherokee | 1.2.2 | |
cherokee-project | cherokee | 1.2.98 | |
cherokee-project | cherokee | 1.2.99 | |
cherokee-project | cherokee | 1.2.101 | |
cherokee-project | cherokee | 1.2.102 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4AA7EA7-8D67-49E1-9D93-88CA97A8EFAC", "versionEndIncluding": "1.2.103", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D5B3C97-844D-4F58-87F4-11962A7228F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*", "matchCriteriaId": "762B5682-C942-4DC7-9C69-D0AC3D4E275C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*", "matchCriteriaId": "9FB62CE7-9FC9-4E7F-8B3D-45710949EA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*", "matchCriteriaId": "D33D414B-0A4C-41EE-991A-788559EC3A03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*", "matchCriteriaId": "1407BB70-8D64-422F-8487-4D8B3E88963E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider 
unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password." }, { "lang": "es", "value": "La funci\u00f3n cherokee_validator_ldap_check en validator_ldap.c en Cherokee 1.2.103 y anteriores, cuando LDAP est\u00e1 utilizado, no considera debidamente la sem\u00e1ntica bind no autenticada, lo que permite a atacantes remotos evadir autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a vac\u00eda." } ], "id": "CVE-2014-4668", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-02T04:14:17.233", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2015-0181.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/68249" }, { "source": 
"cve@mitre.org", "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0181.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68249" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2025-04-12 10:46
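Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, as given in this record's cvssMetricV2)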
Summary
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 3.0 | |
mageia_project | mageia | 4.0 | |
dokuwiki | dokuwiki | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C134F2A-492D-4379-8471-DAD6569D7FF9", "versionEndIncluding": "2013-12-08", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind." }, { "lang": "es", "value": "DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticaci\u00f3n LDAP, permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de un nombre de usuario y una contrase\u00f1a que empiece por un caracter nulo (\\0), lo que provoca un bind an\u00f3nimo." 
} ], "id": "CVE-2014-8764", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:08.420", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "secalert@redhat.com", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/pull/868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2025-04-12 10:46
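Severity: LOW (CVSS v2.0 base score 3.3, vector AV:L/AC:M/Au:N/C:N/I:P/A:P, as given in this record's cvssMetricV2)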
Summary
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
gnu | emacs | * | |
gnu | emacs | 20.0 | |
gnu | emacs | 20.1 | |
gnu | emacs | 20.2 | |
gnu | emacs | 20.3 | |
gnu | emacs | 20.4 | |
gnu | emacs | 20.5 | |
gnu | emacs | 20.6 | |
gnu | emacs | 20.7 | |
gnu | emacs | 21 | |
gnu | emacs | 21.1 | |
gnu | emacs | 21.2 | |
gnu | emacs | 21.2.1 | |
gnu | emacs | 21.3 | |
gnu | emacs | 21.3.1 | |
gnu | emacs | 21.4 | |
gnu | emacs | 22.1 | |
gnu | emacs | 22.2 | |
gnu | emacs | 22.3 | |
gnu | emacs | 23.1 | |
gnu | emacs | 23.2 | |
gnu | emacs | 23.3 | |
gnu | emacs | 23.4 | |
gnu | emacs | 24.1 | |
gnu | emacs | 24.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file." }, { "lang": "es", "value": "lisp/gnus/gnus-fun.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el archivo /tmp/gnus.face.ppm temporal." } ], "id": "CVE-2014-3421", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-08T10:55:05.217", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-25 23:59
Modified
2025-04-12 10:46
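Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, as given in this record's cvssMetricV2)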
Summary
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
wordpress | wordpress | * | |
wordpress | wordpress | 3.8 | |
wordpress | wordpress | 3.8.1 | |
wordpress | wordpress | 3.8.2 | |
wordpress | wordpress | 3.8.3 | |
wordpress | wordpress | 3.8.4 | |
wordpress | wordpress | 3.9 | |
wordpress | wordpress | 3.9.1 | |
wordpress | wordpress | 3.9.2 | |
wordpress | wordpress | 4.0 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "05E4FA51-9B8A-49E4-B6E8-A9799BE216CC", "versionEndIncluding": "3.7.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4D38621-9941-4D03-91D7-3902930546A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "934CC6A1-D5E4-468C-B31D-F5C7B02FCE6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC02EF96-4F17-443C-A739-961EED916C18", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C631B472-8FF2-4A93-91F1-DCA813A8520A", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "57EB9FD7-7922-44A5-BB82-410B33032E59", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "CC9343FA-182C-4E2E-85ED-13F0B398258A", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B79DE40E-BFA7-43DA-AB42-2812FB207941", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5EED9381-2BFC-4BDA-AC4B-CBC77E8538D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E372A3D2-FCB5-4A74-840D-EC03732FCC97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash." }, { "lang": "es", "value": "WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podr\u00eda permitir a atacantes remotos obtener el acceso a una cuenta ociosa desde el 2008 mediante el aprovechamiento de una comparaci\u00f3n indebida del tipo din\u00e1mico de PHP para un hash MD5." } ], "id": "CVE-2014-9037", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-25T23:59:08.193", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3085" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1031243" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2025-04-12 10:46
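Severity: LOW (CVSS v2.0 base score 3.3, vector AV:L/AC:M/Au:N/C:N/I:P/A:P, as given in this record's cvssMetricV2)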
Summary
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | emacs | * | |
gnu | emacs | 20.0 | |
gnu | emacs | 20.1 | |
gnu | emacs | 20.2 | |
gnu | emacs | 20.3 | |
gnu | emacs | 20.4 | |
gnu | emacs | 20.5 | |
gnu | emacs | 20.6 | |
gnu | emacs | 20.7 | |
gnu | emacs | 21 | |
gnu | emacs | 21.1 | |
gnu | emacs | 21.2 | |
gnu | emacs | 21.2.1 | |
gnu | emacs | 21.3 | |
gnu | emacs | 21.3.1 | |
gnu | emacs | 21.4 | |
gnu | emacs | 22.1 | |
gnu | emacs | 22.2 | |
gnu | emacs | 22.3 | |
gnu | emacs | 23.1 | |
gnu | emacs | 23.2 | |
gnu | emacs | 23.3 | |
gnu | emacs | 23.4 | |
gnu | emacs | 24.1 | |
gnu | emacs | 24.2 | |
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": 
"lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/." }, { "lang": "es", "value": "lisp/emacs-lisp/find-gc.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo temporal bajo /tmp/esrc/." } ], "id": "CVE-2014-3422", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-08T10:55:05.310", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-25 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
wordpress | wordpress | * | |
wordpress | wordpress | 3.8 | |
wordpress | wordpress | 3.8.1 | |
wordpress | wordpress | 3.8.2 | |
wordpress | wordpress | 3.8.3 | |
wordpress | wordpress | 3.8.4 | |
wordpress | wordpress | 3.9 | |
wordpress | wordpress | 3.9.1 | |
wordpress | wordpress | 3.9.2 | |
wordpress | wordpress | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "05E4FA51-9B8A-49E4-B6E8-A9799BE216CC", "versionEndIncluding": "3.7.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4D38621-9941-4D03-91D7-3902930546A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "934CC6A1-D5E4-468C-B31D-F5C7B02FCE6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC02EF96-4F17-443C-A739-961EED916C18", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C631B472-8FF2-4A93-91F1-DCA813A8520A", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "57EB9FD7-7922-44A5-BB82-410B33032E59", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "CC9343FA-182C-4E2E-85ED-13F0B398258A", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B79DE40E-BFA7-43DA-AB42-2812FB207941", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5EED9381-2BFC-4BDA-AC4B-CBC77E8538D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E372A3D2-FCB5-4A74-840D-EC03732FCC97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message." }, { "lang": "es", "value": "wp-login.php en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podr\u00eda permitir a atacantes remotos reconfigurar las contrase\u00f1as mediante el aprovechamiento del acceso a una cuenta de email que recibi\u00f3 un mensaje de reconfiguraci\u00f3n de la contrase\u00f1a." } ], "id": "CVE-2014-9039", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-25T23:59:10.443", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://core.trac.wordpress.org/changeset/30431" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { 
"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3085" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1031243" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0493.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://core.trac.wordpress.org/changeset/30431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/11/25/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-3424)
Published
2014-05-08 10:55
Modified
2025-04-12 10:46
Severity: LOW (CVSS v2.0 base score 3.3, vector AV:L/AC:M/Au:N/C:N/I:P/A:P, source nvd@nist.gov)
Summary
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
gnu | emacs | * (up to and including 24.3) | |
gnu | emacs | 20.0 | |
gnu | emacs | 20.1 | |
gnu | emacs | 20.2 | |
gnu | emacs | 20.3 | |
gnu | emacs | 20.4 | |
gnu | emacs | 20.5 | |
gnu | emacs | 20.6 | |
gnu | emacs | 20.7 | |
gnu | emacs | 21 | |
gnu | emacs | 21.1 | |
gnu | emacs | 21.2 | |
gnu | emacs | 21.2.1 | |
gnu | emacs | 21.3 | |
gnu | emacs | 21.3.1 | |
gnu | emacs | 21.4 | |
gnu | emacs | 22.1 | |
gnu | emacs | 22.2 | |
gnu | emacs | 22.3 | |
gnu | emacs | 23.1 | |
gnu | emacs | 23.2 | |
gnu | emacs | 23.3 | |
gnu | emacs | 23.4 | |
gnu | emacs | 24.1 | |
gnu | emacs | 24.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file." }, { "lang": "es", "value": "lisp/net/tramp-sh.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo /tmp/tramp.##### temporal." } ], "id": "CVE-2014-3424", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-08T10:55:05.577", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-3423)
Published
2014-05-08 10:55
Modified
2025-04-12 10:46
Severity: LOW (CVSS v2.0 base score 3.3, vector AV:L/AC:M/Au:N/C:N/I:P/A:P, source nvd@nist.gov)
Summary
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
gnu | emacs | * (up to and including 24.3) | |
gnu | emacs | 20.0 | |
gnu | emacs | 20.1 | |
gnu | emacs | 20.2 | |
gnu | emacs | 20.3 | |
gnu | emacs | 20.4 | |
gnu | emacs | 20.5 | |
gnu | emacs | 20.6 | |
gnu | emacs | 20.7 | |
gnu | emacs | 21 | |
gnu | emacs | 21.1 | |
gnu | emacs | 21.2 | |
gnu | emacs | 21.2.1 | |
gnu | emacs | 21.3 | |
gnu | emacs | 21.3.1 | |
gnu | emacs | 21.4 | |
gnu | emacs | 22.1 | |
gnu | emacs | 22.2 | |
gnu | emacs | 22.3 | |
gnu | emacs | 23.1 | |
gnu | emacs | 23.2 | |
gnu | emacs | 23.3 | |
gnu | emacs | 23.4 | |
gnu | emacs | 24.1 | |
gnu | emacs | 24.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE0411-D27E-49B6-8F8B-972A2E9985FC", "versionEndIncluding": "24.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "matchCriteriaId": "7731A395-328A-4435-A388-1419224A4256", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4389884-70D2-4915-80A7-CFA4A420A024", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "37E5A757-C2C8-49D4-AFCD-156CCF4B7262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1D047EC-2354-430D-B44C-FE8574F7617B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "matchCriteriaId": "99B66AEA-D831-4A17-A7D6-4DEDA28985C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "944A2F7B-375B-4466-8A98-934123C209FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*", "matchCriteriaId": "123EF408-7950-4856-8A8D-B5553A0FFF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9948287-D8A4-4B29-9240-FCD25E73B00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC26DAB-A671-47BE-84DD-AD0A4CF72079", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38737529-7787-45AD-81FB-8571789BAEDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file." }, { "lang": "es", "value": "lisp/net/browse-url.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo /tmp/Mosaic.##### temporal." } ], "id": "CVE-2014-3423", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-08T10:55:05.417", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "cve@mitre.org", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/05/07/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-2296)
Published
2015-03-18 16:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 4.0 | |
python | requests | 2.1.0 | |
python | requests | 2.2.1 | |
python | requests | 2.3.0 | |
python | requests | 2.4.0 | |
python | requests | 2.4.1 | |
python | requests | 2.4.2 | |
python | requests | 2.4.3 | |
python | requests | 2.5.0 | |
python | requests | 2.5.1 | |
python | requests | 2.5.2 | |
python | requests | 2.5.3 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEFEBF18-876A-4E3C-A30B-71577B9938CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "18282B8E-738F-495C-B990-F70D0F0F8F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DE39CDB-643B-4126-9CA2-9C50337BBF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "425B2FDF-69C3-4C0C-8972-E41EC457F791", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB05BA9A-23AE-49D4-A1E7-96F8964A3BFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "800BD957-9C00-41F9-BD04-485698BD55D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6FA61528-1797-44A2-99FA-F24866B4A663", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "544C8C6B-0532-4D06-8A50-6C629B5C48F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D34A4A03-6B83-4FED-91DF-73D3DC895879", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4016F80B-6EB3-4C5B-B2A6-483A24E9E70C", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "330946FA-38DC-4797-AEB3-0B038B828F9A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", 
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect." }, { "lang": "es", "value": "La funci\u00f3n resolve_redirects en sessions.py en requests 2.1.0 hasta 2.5.3 permite a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n a trav\u00e9s de una cookie sin valor de anfitri\u00f3n en una redirecci\u00f3n." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/384.html\"\u003eCWE-384: Session Fixation\u003c/a\u003e", "id": "CVE-2015-2296", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-18T16:59:03.517", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2015-0120.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2015/03/14/4" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/03/15/1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2531-1" }, { "source": "cve@mitre.org", "url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://warehouse.python.org/project/requests/2.6.0/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0120.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/03/14/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/03/15/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2531-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://warehouse.python.org/project/requests/2.6.0/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-7824)
Published
2014-11-18 15:59
Modified
2025-04-12 10:46
Severity: LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:N/I:N/A:P, source nvd@nist.gov)
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freedesktop | dbus | 1.6.0 | |
freedesktop | dbus | 1.6.2 | |
freedesktop | dbus | 1.6.4 | |
freedesktop | dbus | 1.6.6 | |
freedesktop | dbus | 1.6.8 | |
freedesktop | dbus | 1.6.10 | |
freedesktop | dbus | 1.6.12 | |
freedesktop | dbus | 1.6.14 | |
freedesktop | dbus | 1.6.16 | |
freedesktop | dbus | 1.6.18 | |
freedesktop | dbus | 1.6.20 | |
freedesktop | dbus | 1.6.22 | |
freedesktop | dbus | 1.6.24 | |
freedesktop | dbus | 1.8.0 | |
freedesktop | dbus | 1.8.2 | |
freedesktop | dbus | 1.8.4 | |
freedesktop | dbus | 1.8.6 | |
freedesktop | dbus | 1.8.8 | |
freedesktop | dbus | 1.9.0 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
mageia_project | mageia | 3 | |
mageia_project | mageia | 4 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F89DEA95-DFB8-4D75-BE65-A477972D143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "76BCD0D9-4F06-46E7-8734-AAEE28DD1631", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8133A184-FC2E-41AC-B2C2-EFD819B011FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "2D5009D1-BDA4-4DFC-A629-07144BDAEC93", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "1A1D15D9-89A1-4742-8613-4CFF215525DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "B38D12A6-4ED9-4510-BA44-3CD0B1A2163B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB63C07-1022-4EEE-B419-4E0A80AE64A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B161B9-7385-4C0B-AC4D-1145E1004B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "A214F572-0572-426B-979C-22EB3A43ED6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A1664AE8-6009-4CC1-8A4A-C3E55C431018", "vulnerable": true }, { "criteria": "cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E6D58E5-A652-4A45-A4A0-53B98FB8B251", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*", "matchCriteriaId": "F1911F9C-95A5-49DD-80F0-472BE92D7CDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1." }, { "lang": "es", "value": "D-Bus hasta 1.3.0 y 1.6.x antes de 1.6.26, 1.8.x antes de 1.8.10, y 1.9.x antes de 1.9.2 permite a usuarios locales provocar una denegaci\u00f3n de servicio (la prevenci\u00f3n de nuevas conexiones y ca\u00edda de conexi\u00f3n) colocando en cola el n\u00famero m\u00e1ximo de descriptores de archivos. NOTA: esta vulnerabilidad existe debido a que no se completo la soluci\u00f3n para CVE-2014 a 3.636,1." } ], "id": "CVE-2014-7824", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-18T15:59:04.017", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62603" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3099" }, { "source": "secalert@redhat.com", 
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71012" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2425-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }