Vulnerabilities related to mageia_project - mageia
Vulnerability from fkie_nvd
Published
2014-12-09 23:59
Modified
2024-11-21 02:20
Severity ?
Summary
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
References
cve@mitre.org: http://advisories.mageia.org/MGASA-2014-0533.html
cve@mitre.org: http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html
cve@mitre.org: http://secunia.com/advisories/62811
cve@mitre.org: http://www.debian.org/security/2015/dsa-3158
cve@mitre.org: http://www.mandriva.com/security/advisories?name=MDVSA-2015:007
cve@mitre.org: http://www.openwall.com/lists/oss-security/2014/12/04/15
cve@mitre.org: http://www.securityfocus.com/bid/71430
cve@mitre.org: https://bugzilla.redhat.com/show_bug.cgi?id=1170233
cve@mitre.org: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html [Exploit, Vendor Advisory]
cve@mitre.org: https://security.gentoo.org/glsa/201507-06
af854a3a-2127-422b-91ae-364da2661108: http://advisories.mageia.org/MGASA-2014-0533.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/62811
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2015/dsa-3158
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDVSA-2015:007
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2014/12/04/15
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/71430
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=1170233
af854a3a-2127-422b-91ae-364da2661108: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html [Exploit, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://security.gentoo.org/glsa/201507-06
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unrtf_project:unrtf:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B3570E-3CA9-47E3-9A6B-7A065C610F7C",
                     versionEndIncluding: "0.21.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "27086E40-75A5-4C4A-AD20-8D9B1EBB31C8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\".",
      },
      {
         lang: "es",
         value: "UnRTF permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario tal y como fue demostrado por un fichero que contenía la cadena '{\\cb-999999999'.",
      },
   ],
   id: "CVE-2014-9274",
   lastModified: "2024-11-21T02:20:31.863",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-12-09T23:59:10.037",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0533.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/62811",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2015/dsa-3158",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2014/12/04/15",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/71430",
      },
      {
         source: "cve@mitre.org",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170233",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/201507-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0533.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62811",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3158",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2014/12/04/15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/71430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201507-06",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-25 23:59
Modified
2024-11-21 02:20
Severity ?
Summary
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05E4FA51-9B8A-49E4-B6E8-A9799BE216CC",
                     versionEndIncluding: "3.7.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4D38621-9941-4D03-91D7-3902930546A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "934CC6A1-D5E4-468C-B31D-F5C7B02FCE6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC02EF96-4F17-443C-A739-961EED916C18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C631B472-8FF2-4A93-91F1-DCA813A8520A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB9FD7-7922-44A5-BB82-410B33032E59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC9343FA-182C-4E2E-85ED-13F0B398258A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B79DE40E-BFA7-43DA-AB42-2812FB207941",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EED9381-2BFC-4BDA-AC4B-CBC77E8538D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E372A3D2-FCB5-4A74-840D-EC03732FCC97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.",
      },
      {
         lang: "es",
         value: "wp-login.php en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podría permitir a atacantes remotos reconfigurar las contraseñas mediante el aprovechamiento del acceso a una cuenta de email que recibió un mensaje de reconfiguración de la contraseña.",
      },
   ],
   id: "CVE-2014-9039",
   lastModified: "2024-11-21T02:20:09.083",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-25T23:59:10.443",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0493.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://core.trac.wordpress.org/changeset/30431",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/11/25/12",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2014/dsa-3085",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1031243",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0493.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://core.trac.wordpress.org/changeset/30431",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/11/25/12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-3085",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031243",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-254",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2024-11-21 02:08
Severity ?
Summary
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
Impacted products
Vendor Product Version
mageia_project mageia 3
mageia_project mageia 4
gnu emacs *
gnu emacs 20.0
gnu emacs 20.1
gnu emacs 20.2
gnu emacs 20.3
gnu emacs 20.4
gnu emacs 20.5
gnu emacs 20.6
gnu emacs 20.7
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
gnu emacs 21.2.1
gnu emacs 21.3
gnu emacs 21.3.1
gnu emacs 21.4
gnu emacs 22.1
gnu emacs 22.2
gnu emacs 22.3
gnu emacs 23.1
gnu emacs 23.2
gnu emacs 23.3
gnu emacs 23.4
gnu emacs 24.1
gnu emacs 24.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BAE0411-D27E-49B6-8F8B-972A2E9985FC",
                     versionEndIncluding: "24.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F6124D-F3C1-4E4C-B580-85AB01833885",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9571E866-AB82-4B95-8097-ED0DA038331F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A773690-9650-40E1-BCE3-7E020AF61BCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "26D9A554-CB40-461D-9C95-78051B0CA354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "7731A395-328A-4435-A388-1419224A4256",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05BDDB87-0AFF-4BDC-995A-94F221ED3641",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4389884-70D2-4915-80A7-CFA4A420A024",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA95B19B-F35D-4644-9E75-5A138A960C10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC7E9FE5-E87C-440B-A16E-327501BC8977",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E5A757-C2C8-49D4-AFCD-156CCF4B7262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1D047EC-2354-430D-B44C-FE8574F7617B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99B66AEA-D831-4A17-A7D6-4DEDA28985C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "944A2F7B-375B-4466-8A98-934123C209FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "123EF408-7950-4856-8A8D-B5553A0FFF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9948287-D8A4-4B29-9240-FCD25E73B00D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC26DAB-A671-47BE-84DD-AD0A4CF72079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "38737529-7787-45AD-81FB-8571789BAEDB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.",
      },
      {
         lang: "es",
         value: "lisp/gnus/gnus-fun.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/gnus.face.ppm temporal.",
      },
   ],
   id: "CVE-2014-3421",
   lastModified: "2024-11-21T02:08:03.473",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-08T10:55:05.217",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-19 19:55
Modified
2024-11-21 02:08
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
References
secalert@redhat.com: http://advisories.mageia.org/MGASA-2014-0294.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.com: http://openwall.com/lists/oss-security/2014/07/02/4
secalert@redhat.com: http://secunia.com/advisories/59611
secalert@redhat.com: http://secunia.com/advisories/59798
secalert@redhat.com: http://secunia.com/advisories/60236
secalert@redhat.com: http://www.debian.org/security/2014/dsa-2971
secalert@redhat.com: http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
secalert@redhat.com: http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
secalert@redhat.com: https://bugs.freedesktop.org/show_bug.cgi?id=79694
secalert@redhat.com: https://bugs.freedesktop.org/show_bug.cgi?id=80469 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://advisories.mageia.org/MGASA-2014-0294.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108: http://openwall.com/lists/oss-security/2014/07/02/4
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/59611
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/59798
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/60236
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2014/dsa-2971
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
af854a3a-2127-422b-91ae-364da2661108: http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
af854a3a-2127-422b-91ae-364da2661108: https://bugs.freedesktop.org/show_bug.cgi?id=79694
af854a3a-2127-422b-91ae-364da2661108: https://bugs.freedesktop.org/show_bug.cgi?id=80469 [Vendor Advisory]



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "96B154C1-28B1-4C8F-8D18-9A015CE81C25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "357042A5-6CB3-44FD-AFAA-F626BBBA6747",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E72AD88-640C-4B27-9A56-570151667FD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D986A4B-827C-4064-9004-E4D6FA524FFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7197910-4381-4D23-85A1-5348D20AAD63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1059BE8-1044-4DC7-9B41-E76A56225000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "1646C38B-596F-4614-93FC-0BFB88E9F034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FB75B1D-CB6D-4152-B4F2-C24A6E6F830B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2126812-E627-4514-8895-177F6A139B8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFC34AF2-60BD-4D52-8704-B0A4E3B9F35E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA8D645B-19A4-4AF5-A667-C95F90B8F282",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8E5358-8466-4D3A-8AE4-3EE55700140D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B175C3A-44FC-4069-99F4-CFF78DAF6C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "36C6830D-92D2-49EC-BD13-BA7EE7720E61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E33E9B8-4543-46D0-837B-DCCAC25C47E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.5.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "831CFD41-47B0-4920-B118-7AD2CAFBFA85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A24ED739-0B39-4A70-B7E0-8A859759233D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "F89DEA95-DFB8-4D75-BE65-A477972D143E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "C22CA4E4-458D-465A-8272-473055A608EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "68B161B9-7385-4C0B-AC4D-1145E1004B74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.",
      },
      {
         lang: "es",
         value: "dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegación de servicio (desconexión) a través de ciertas secuencias de mensajes manipulados que causan que el demonio de dbus reenvíe un mensaje que contiene un descriptor de ficheros inválido.",
      },
   ],
   id: "CVE-2014-3533",
   lastModified: "2024-11-21T02:08:19.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-07-19T19:55:08.013",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://advisories.mageia.org/MGASA-2014-0294.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://openwall.com/lists/oss-security/2014/07/02/4",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59611",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59798",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/60236",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2014/dsa-2971",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0294.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/07/02/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59611",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59798",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/60236",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-2971",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-25 23:59
Modified
2024-11-21 02:20
Severity ?
Summary
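WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. The weakness is the loose, type-juggling comparison of the hash strings; a strict, string-only comparison such as PHP's hash_equals() is not subject to it.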



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05E4FA51-9B8A-49E4-B6E8-A9799BE216CC",
                     versionEndIncluding: "3.7.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4D38621-9941-4D03-91D7-3902930546A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "934CC6A1-D5E4-468C-B31D-F5C7B02FCE6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC02EF96-4F17-443C-A739-961EED916C18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C631B472-8FF2-4A93-91F1-DCA813A8520A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB9FD7-7922-44A5-BB82-410B33032E59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC9343FA-182C-4E2E-85ED-13F0B398258A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B79DE40E-BFA7-43DA-AB42-2812FB207941",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EED9381-2BFC-4BDA-AC4B-CBC77E8538D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E372A3D2-FCB5-4A74-840D-EC03732FCC97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.",
      },
      {
         lang: "es",
         value: "WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 podría permitir a atacantes remotos obtener el acceso a una cuenta ociosa desde el 2008 mediante el aprovechamiento de una comparación indebida del tipo dinámico de PHP para un hash MD5.",
      },
   ],
   id: "CVE-2014-9037",
   lastModified: "2024-11-21T02:20:08.780",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-25T23:59:08.193",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0493.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/11/25/12",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2014/dsa-3085",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1031243",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0493.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/11/25/12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-3085",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031243",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-02 04:14
Modified
2024-11-21 02:10
Severity ?
Summary
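The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. Under LDAP simple-bind rules (RFC 4513), a bind with a non-empty DN and an empty password is an unauthenticated bind that a server may accept without verifying any credential, so an application that authenticates users by binding must reject empty passwords before it attempts the bind.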
References
cve@mitre.org http://advisories.mageia.org/MGASA-2015-0181.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html
cve@mitre.org http://openwall.com/lists/oss-security/2014/06/28/3
cve@mitre.org http://openwall.com/lists/oss-security/2014/06/28/7
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2015:225
cve@mitre.org http://www.securityfocus.com/bid/68249
cve@mitre.org https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88
af854a3a-2127-422b-91ae-364da2661108 http://advisories.mageia.org/MGASA-2015-0181.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2014/06/28/3
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2014/06/28/7
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2015:225
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/68249
af854a3a-2127-422b-91ae-364da2661108 https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                     matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4AA7EA7-8D67-49E1-9D93-88CA97A8EFAC",
                     versionEndIncluding: "1.2.103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D5B3C97-844D-4F58-87F4-11962A7228F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*",
                     matchCriteriaId: "762B5682-C942-4DC7-9C69-D0AC3D4E275C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FB62CE7-9FC9-4E7F-8B3D-45710949EA6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*",
                     matchCriteriaId: "D33D414B-0A4C-41EE-991A-788559EC3A03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*",
                     matchCriteriaId: "1407BB70-8D64-422F-8487-4D8B3E88963E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.",
      },
      {
         lang: "es",
         value: "La función cherokee_validator_ldap_check en validator_ldap.c en Cherokee 1.2.103 y anteriores, cuando LDAP está utilizado, no considera debidamente la semántica bind no autenticada, lo que permite a atacantes remotos evadir autenticación a través de una contraseña vacía.",
      },
   ],
   id: "CVE-2014-4668",
   lastModified: "2024-11-21T02:10:40.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-07-02T04:14:17.233",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2015-0181.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/06/28/3",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/06/28/7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/68249",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2015-0181.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/06/28/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/06/28/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/68249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2024-11-21 02:08
Severity ?
Summary
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Impacted products
Vendor Product Version
mageia_project mageia 3
mageia_project mageia 4
gnu emacs *
gnu emacs 20.0
gnu emacs 20.1
gnu emacs 20.2
gnu emacs 20.3
gnu emacs 20.4
gnu emacs 20.5
gnu emacs 20.6
gnu emacs 20.7
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
gnu emacs 21.2.1
gnu emacs 21.3
gnu emacs 21.3.1
gnu emacs 21.4
gnu emacs 22.1
gnu emacs 22.2
gnu emacs 22.3
gnu emacs 23.1
gnu emacs 23.2
gnu emacs 23.3
gnu emacs 23.4
gnu emacs 24.1
gnu emacs 24.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BAE0411-D27E-49B6-8F8B-972A2E9985FC",
                     versionEndIncluding: "24.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F6124D-F3C1-4E4C-B580-85AB01833885",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9571E866-AB82-4B95-8097-ED0DA038331F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A773690-9650-40E1-BCE3-7E020AF61BCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "26D9A554-CB40-461D-9C95-78051B0CA354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "7731A395-328A-4435-A388-1419224A4256",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05BDDB87-0AFF-4BDC-995A-94F221ED3641",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4389884-70D2-4915-80A7-CFA4A420A024",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA95B19B-F35D-4644-9E75-5A138A960C10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC7E9FE5-E87C-440B-A16E-327501BC8977",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E5A757-C2C8-49D4-AFCD-156CCF4B7262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1D047EC-2354-430D-B44C-FE8574F7617B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99B66AEA-D831-4A17-A7D6-4DEDA28985C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "944A2F7B-375B-4466-8A98-934123C209FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "123EF408-7950-4856-8A8D-B5553A0FFF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9948287-D8A4-4B29-9240-FCD25E73B00D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC26DAB-A671-47BE-84DD-AD0A4CF72079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "38737529-7787-45AD-81FB-8571789BAEDB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.",
      },
      {
         lang: "es",
         value: "lisp/net/browse-url.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo /tmp/Mosaic.##### temporal.",
      },
   ],
   id: "CVE-2014-3423",
   lastModified: "2024-11-21T02:08:03.797",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-08T10:55:05.417",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-18 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "E598FE36-ABEB-4682-950A-E462CC780F82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A24ED739-0B39-4A70-B7E0-8A859759233D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "F89DEA95-DFB8-4D75-BE65-A477972D143E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "76BCD0D9-4F06-46E7-8734-AAEE28DD1631",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "C22CA4E4-458D-465A-8272-473055A608EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "8133A184-FC2E-41AC-B2C2-EFD819B011FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5009D1-BDA4-4DFC-A629-07144BDAEC93",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A1D15D9-89A1-4742-8613-4CFF215525DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.6.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "B38D12A6-4ED9-4510-BA44-3CD0B1A2163B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AB63C07-1022-4EEE-B419-4E0A80AE64A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "68B161B9-7385-4C0B-AC4D-1145E1004B74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DD6AAFC-C18F-4AF5-B8D1-82F85F8421DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A214F572-0572-426B-979C-22EB3A43ED6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1664AE8-6009-4CC1-8A4A-C3E55C431018",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:freedesktop:dbus:1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E6D58E5-A652-4A45-A4A0-53B98FB8B251",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.",
      },
      {
         lang: "es",
         value: "D-Bus desde 1.3.0 hasta 1.6.x antes de 1.6.26, 1.8.x antes de 1.8.10, y 1.9.x antes de 1.9.2 permite a usuarios locales provocar una denegación de servicio (la prevención de nuevas conexiones y caída de conexión) colocando en cola el número máximo de descriptores de archivos. NOTA: esta vulnerabilidad existe debido a que no se completó la solución para CVE-2014-3636.1.",
      },
   ],
   id: "CVE-2014-7824",
   lastModified: "2024-11-21T02:18:05.043",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-18T15:59:04.017",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://advisories.mageia.org/MGASA-2014-0457.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/62603",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2014/dsa-3099",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/11/10/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/71012",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2425-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0457.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62603",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-3099",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/11/10/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/71012",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2425-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2024-11-21 02:08
Severity ?
Summary
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Impacted products
Vendor Product Version
mageia_project mageia 3
mageia_project mageia 4
gnu emacs *
gnu emacs 20.0
gnu emacs 20.1
gnu emacs 20.2
gnu emacs 20.3
gnu emacs 20.4
gnu emacs 20.5
gnu emacs 20.6
gnu emacs 20.7
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
gnu emacs 21.2.1
gnu emacs 21.3
gnu emacs 21.3.1
gnu emacs 21.4
gnu emacs 22.1
gnu emacs 22.2
gnu emacs 22.3
gnu emacs 23.1
gnu emacs 23.2
gnu emacs 23.3
gnu emacs 23.4
gnu emacs 24.1
gnu emacs 24.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BAE0411-D27E-49B6-8F8B-972A2E9985FC",
                     versionEndIncluding: "24.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F6124D-F3C1-4E4C-B580-85AB01833885",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9571E866-AB82-4B95-8097-ED0DA038331F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A773690-9650-40E1-BCE3-7E020AF61BCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "26D9A554-CB40-461D-9C95-78051B0CA354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "7731A395-328A-4435-A388-1419224A4256",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05BDDB87-0AFF-4BDC-995A-94F221ED3641",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4389884-70D2-4915-80A7-CFA4A420A024",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA95B19B-F35D-4644-9E75-5A138A960C10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC7E9FE5-E87C-440B-A16E-327501BC8977",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E5A757-C2C8-49D4-AFCD-156CCF4B7262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1D047EC-2354-430D-B44C-FE8574F7617B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99B66AEA-D831-4A17-A7D6-4DEDA28985C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "944A2F7B-375B-4466-8A98-934123C209FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "123EF408-7950-4856-8A8D-B5553A0FFF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9948287-D8A4-4B29-9240-FCD25E73B00D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC26DAB-A671-47BE-84DD-AD0A4CF72079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "38737529-7787-45AD-81FB-8571789BAEDB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.",
      },
      {
         lang: "es",
         value: "lisp/net/tramp-sh.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo /tmp/tramp.##### temporal.",
      },
   ],
   id: "CVE-2014-3424",
   lastModified: "2024-11-21T02:08:03.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-08T10:55:05.577",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-03-18 16:59
Modified
2024-11-21 02:27
Severity ?
Summary
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEFEBF18-876A-4E3C-A30B-71577B9938CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "18282B8E-738F-495C-B990-F70D0F0F8F8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DE39CDB-643B-4126-9CA2-9C50337BBF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "425B2FDF-69C3-4C0C-8972-E41EC457F791",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB05BA9A-23AE-49D4-A1E7-96F8964A3BFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "800BD957-9C00-41F9-BD04-485698BD55D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA61528-1797-44A2-99FA-F24866B4A663",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "544C8C6B-0532-4D06-8A50-6C629B5C48F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D34A4A03-6B83-4FED-91DF-73D3DC895879",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4016F80B-6EB3-4C5B-B2A6-483A24E9E70C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "330946FA-38DC-4797-AEB3-0B038B828F9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
      },
      {
         lang: "es",
         value: "La función resolve_redirects en sessions.py en requests 2.1.0 hasta 2.5.3 permite a atacantes remotos realizar ataques de fijación de sesión a través de una cookie sin valor de anfitrión en una redirección.",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/384.html\">CWE-384: Session Fixation</a>",
   id: "CVE-2015-2296",
   lastModified: "2024-11-21T02:27:10.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-03-18T16:59:03.517",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2015-0120.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/03/14/4",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/03/15/1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2531-1",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://warehouse.python.org/project/requests/2.6.0/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2015-0120.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/03/14/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/03/15/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2531-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://warehouse.python.org/project/requests/2.6.0/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2024-11-21 02:08
Severity ?
Summary
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
Impacted products
Vendor Product Version
gnu emacs *
gnu emacs 20.0
gnu emacs 20.1
gnu emacs 20.2
gnu emacs 20.3
gnu emacs 20.4
gnu emacs 20.5
gnu emacs 20.6
gnu emacs 20.7
gnu emacs 21
gnu emacs 21.1
gnu emacs 21.2
gnu emacs 21.2.1
gnu emacs 21.3
gnu emacs 21.3.1
gnu emacs 21.4
gnu emacs 22.1
gnu emacs 22.2
gnu emacs 22.3
gnu emacs 23.1
gnu emacs 23.2
gnu emacs 23.3
gnu emacs 23.4
gnu emacs 24.1
gnu emacs 24.2
mageia_project mageia 3
mageia_project mageia 4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BAE0411-D27E-49B6-8F8B-972A2E9985FC",
                     versionEndIncluding: "24.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F6124D-F3C1-4E4C-B580-85AB01833885",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9571E866-AB82-4B95-8097-ED0DA038331F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A773690-9650-40E1-BCE3-7E020AF61BCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "26D9A554-CB40-461D-9C95-78051B0CA354",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "7731A395-328A-4435-A388-1419224A4256",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05BDDB87-0AFF-4BDC-995A-94F221ED3641",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4389884-70D2-4915-80A7-CFA4A420A024",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA95B19B-F35D-4644-9E75-5A138A960C10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC7E9FE5-E87C-440B-A16E-327501BC8977",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ADF55EE-0F79-414A-B701-14DDA1C9C3B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E5A757-C2C8-49D4-AFCD-156CCF4B7262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1D047EC-2354-430D-B44C-FE8574F7617B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99B66AEA-D831-4A17-A7D6-4DEDA28985C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "944A2F7B-375B-4466-8A98-934123C209FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "123EF408-7950-4856-8A8D-B5553A0FFF58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9948287-D8A4-4B29-9240-FCD25E73B00D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC26DAB-A671-47BE-84DD-AD0A4CF72079",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:emacs:24.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "38737529-7787-45AD-81FB-8571789BAEDB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1911F9C-95A5-49DD-80F0-472BE92D7CDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.",
      },
      {
         lang: "es",
         value: "lisp/emacs-lisp/find-gc.el en GNU Emacs 24.3 y anteriores permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo temporal bajo /tmp/esrc/.",
      },
   ],
   id: "CVE-2014-3422",
   lastModified: "2024-11-21T02:08:03.623",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-08T10:55:05.310",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0250.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2014/05/07/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:19
Severity ?
Summary
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Impacted products
Vendor Product Version
dokuwiki dokuwiki *
mageia_project mageia 3.0
mageia_project mageia 4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA33BE6C-F00C-4A78-9136-EBBF9643B4F2",
                     versionEndIncluding: "2014-05-05a",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind.",
      },
      {
         lang: "es",
         value: "DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\\0) y un nombre de usuario válido, lo que provoca un bind no autenticado.",
      },
   ],
   id: "CVE-2014-8763",
   lastModified: "2024-11-21T02:19:43.840",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-22T14:55:08.373",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://advisories.mageia.org/MGASA-2014-0438.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/61983",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2014/dsa-3059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/splitbrain/dokuwiki/pull/868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0438.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61983",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-3059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/splitbrain/dokuwiki/pull/868",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:19
Severity ?
Summary
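DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Note: the CPE configuration in this record ends at DokuWiki 2013-12-08 (versionEndIncluding), which is narrower than the "2014-05-05a and earlier" range stated here. When matching installed versions, go by the description rather than the CPE range alone.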
Impacted products
Vendor Product Version
mageia_project mageia 3.0
mageia_project mageia 4.0
dokuwiki dokuwiki *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C134F2A-492D-4379-8471-DAD6569D7FF9",
                     versionEndIncluding: "2013-12-08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind.",
      },
      {
         lang: "es",
         value: "DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de un nombre de usuario y una contraseña que empiece por un caracter nulo (\\0), lo que provoca un bind anónimo.",
      },
   ],
   id: "CVE-2014-8764",
   lastModified: "2024-11-21T02:19:43.947",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-22T14:55:08.420",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://advisories.mageia.org/MGASA-2014-0438.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/61983",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2014/dsa-3059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/splitbrain/dokuwiki/pull/868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://advisories.mageia.org/MGASA-2014-0438.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61983",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-3059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/splitbrain/dokuwiki/pull/868",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2014-8763
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
Severity ?
Summary
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:26:02.588Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
               },
               {
                  name: "61983",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61983",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0438.html",
               },
               {
                  name: "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
               },
               {
                  name: "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
               },
               {
                  name: "DSA-3059",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3059",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/splitbrain/dokuwiki/pull/868",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-01T13:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
            },
            {
               name: "61983",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61983",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0438.html",
            },
            {
               name: "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
            },
            {
               name: "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
            },
            {
               name: "DSA-3059",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3059",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/splitbrain/dokuwiki/pull/868",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-8763",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
                     refsource: "MLIST",
                     url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
                  },
                  {
                     name: "61983",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61983",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0438.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0438.html",
                  },
                  {
                     name: "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
                  },
                  {
                     name: "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
                  },
                  {
                     name: "DSA-3059",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3059",
                  },
                  {
                     name: "https://github.com/splitbrain/dokuwiki/pull/868",
                     refsource: "CONFIRM",
                     url: "https://github.com/splitbrain/dokuwiki/pull/868",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-8763",
      datePublished: "2014-10-22T14:00:00",
      dateReserved: "2014-10-13T00:00:00",
      dateUpdated: "2024-08-06T13:26:02.588Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-2296
Vulnerability from cvelistv5
Published
2015-03-18 16:00
Modified
2024-08-06 05:10
Severity ?
Summary
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T05:10:16.223Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/03/15/1",
               },
               {
                  name: "FEDORA-2015-4084",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html",
               },
               {
                  name: "MDVSA-2015:133",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133",
               },
               {
                  name: "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/03/14/4",
               },
               {
                  name: "USN-2531-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2531-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2015-0120.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://warehouse.python.org/project/requests/2.6.0/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-21T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/03/15/1",
            },
            {
               name: "FEDORA-2015-4084",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html",
            },
            {
               name: "MDVSA-2015:133",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133",
            },
            {
               name: "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/03/14/4",
            },
            {
               name: "USN-2531-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2531-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2015-0120.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://warehouse.python.org/project/requests/2.6.0/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-2296",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/03/15/1",
                  },
                  {
                     name: "FEDORA-2015-4084",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html",
                  },
                  {
                     name: "MDVSA-2015:133",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133",
                  },
                  {
                     name: "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/03/14/4",
                  },
                  {
                     name: "USN-2531-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2531-1",
                  },
                  {
                     name: "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
                     refsource: "CONFIRM",
                     url: "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2015-0120.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2015-0120.html",
                  },
                  {
                     name: "https://warehouse.python.org/project/requests/2.6.0/",
                     refsource: "CONFIRM",
                     url: "https://warehouse.python.org/project/requests/2.6.0/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-2296",
      datePublished: "2015-03-18T16:00:00",
      dateReserved: "2015-03-14T00:00:00",
      dateUpdated: "2024-08-06T05:10:16.223Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3422
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.616Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/05/07/7",
               },
               {
                  name: "MDVSA-2015:117",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0250.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
               },
               {
                  name: "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-08T13:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/05/07/7",
            },
            {
               name: "MDVSA-2015:117",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0250.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
            },
            {
               name: "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-3422",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/05/07/7",
                  },
                  {
                     name: "MDVSA-2015:117",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0250.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0250.html",
                  },
                  {
                     name: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                     refsource: "CONFIRM",
                     url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                  },
                  {
                     name: "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-3422",
      datePublished: "2014-05-08T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.616Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8764
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
Severity ?
Summary
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:26:02.463Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
               },
               {
                  name: "61983",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61983",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0438.html",
               },
               {
                  name: "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
               },
               {
                  name: "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
               },
               {
                  name: "DSA-3059",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3059",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/splitbrain/dokuwiki/pull/868",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-01T13:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
            },
            {
               name: "61983",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61983",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0438.html",
            },
            {
               name: "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
            },
            {
               name: "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
            },
            {
               name: "DSA-3059",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3059",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/splitbrain/dokuwiki/pull/868",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-8764",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
                     refsource: "MLIST",
                     url: "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication",
                  },
                  {
                     name: "61983",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61983",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0438.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0438.html",
                  },
                  {
                     name: "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/10/13/3",
                  },
                  {
                     name: "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/10/16/9",
                  },
                  {
                     name: "DSA-3059",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3059",
                  },
                  {
                     name: "https://github.com/splitbrain/dokuwiki/pull/868",
                     refsource: "CONFIRM",
                     url: "https://github.com/splitbrain/dokuwiki/pull/868",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-8764",
      datePublished: "2014-10-22T14:00:00",
      dateReserved: "2014-10-13T00:00:00",
      dateUpdated: "2024-08-06T13:26:02.463Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9274
Vulnerability from cvelistv5
Published
2014-12-09 22:52
Modified
2024-08-06 13:40
Severity ?
Summary
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:40:24.592Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0533.html",
               },
               {
                  name: "62811",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62811",
               },
               {
                  name: "FEDORA-2014-17281",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html",
               },
               {
                  name: "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/12/04/15",
               },
               {
                  name: "DSA-3158",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3158",
               },
               {
                  name: "MDVSA-2015:007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007",
               },
               {
                  name: "71430",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/71430",
               },
               {
                  name: "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html",
               },
               {
                  name: "GLSA-201507-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201507-06",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170233",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\".",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-20T16:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0533.html",
            },
            {
               name: "62811",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62811",
            },
            {
               name: "FEDORA-2014-17281",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html",
            },
            {
               name: "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/12/04/15",
            },
            {
               name: "DSA-3158",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3158",
            },
            {
               name: "MDVSA-2015:007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007",
            },
            {
               name: "71430",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/71430",
            },
            {
               name: "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html",
            },
            {
               name: "GLSA-201507-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201507-06",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170233",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9274",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\".",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0533.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0533.html",
                  },
                  {
                     name: "62811",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62811",
                  },
                  {
                     name: "FEDORA-2014-17281",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html",
                  },
                  {
                     name: "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/12/04/15",
                  },
                  {
                     name: "DSA-3158",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3158",
                  },
                  {
                     name: "MDVSA-2015:007",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007",
                  },
                  {
                     name: "71430",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/71430",
                  },
                  {
                     name: "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf",
                     refsource: "MLIST",
                     url: "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html",
                  },
                  {
                     name: "GLSA-201507-06",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201507-06",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1170233",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1170233",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9274",
      datePublished: "2014-12-09T22:52:00",
      dateReserved: "2014-12-04T00:00:00",
      dateUpdated: "2024-08-06T13:40:24.592Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-7824
Vulnerability from cvelistv5
Published
2014-11-18 15:00
Modified
2024-08-06 13:03
Severity ?
Summary
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
References
http://www.openwall.com/lists/oss-security/2014/11/10/2 (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/62603 (third-party-advisory, x_refsource_SECUNIA)
http://advisories.mageia.org/MGASA-2014-0457.html (x_refsource_CONFIRM)
https://bugs.freedesktop.org/show_bug.cgi?id=85105 (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98576 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/71012 (vdb-entry, x_refsource_BID)
http://www.ubuntu.com/usn/USN-2425-1 (vendor-advisory, x_refsource_UBUNTU)
http://www.debian.org/security/2014/dsa-3099 (vendor-advisory, x_refsource_DEBIAN)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 (vendor-advisory, x_refsource_MANDRIVA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:03:27.015Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/11/10/2",
               },
               {
                  name: "62603",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62603",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0457.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
               },
               {
                  name: "dbus-cve20147824-dos(98576)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576",
               },
               {
                  name: "71012",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/71012",
               },
               {
                  name: "USN-2425-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2425-1",
               },
               {
                  name: "DSA-3099",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3099",
               },
               {
                  name: "MDVSA-2015:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-07T15:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/11/10/2",
            },
            {
               name: "62603",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62603",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0457.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
            },
            {
               name: "dbus-cve20147824-dos(98576)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576",
            },
            {
               name: "71012",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/71012",
            },
            {
               name: "USN-2425-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2425-1",
            },
            {
               name: "DSA-3099",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3099",
            },
            {
               name: "MDVSA-2015:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-7824",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/11/10/2",
                  },
                  {
                     name: "62603",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62603",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0457.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0457.html",
                  },
                  {
                     name: "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
                     refsource: "CONFIRM",
                     url: "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
                  },
                  {
                     name: "dbus-cve20147824-dos(98576)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576",
                  },
                  {
                     name: "71012",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/71012",
                  },
                  {
                     name: "USN-2425-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2425-1",
                  },
                  {
                     name: "DSA-3099",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3099",
                  },
                  {
                     name: "MDVSA-2015:176",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-7824",
      datePublished: "2014-11-18T15:00:00",
      dateReserved: "2014-10-03T00:00:00",
      dateUpdated: "2024-08-06T13:03:27.015Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9037
Vulnerability from cvelistv5
Published
2014-11-25 23:00
Modified
2024-08-06 13:33
Severity ?
Summary
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:33:13.510Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3085",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3085",
               },
               {
                  name: "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/11/25/12",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0493.html",
               },
               {
                  name: "1031243",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031243",
               },
               {
                  name: "MDVSA-2014:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-28T13:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-3085",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3085",
            },
            {
               name: "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/11/25/12",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0493.html",
            },
            {
               name: "1031243",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031243",
            },
            {
               name: "MDVSA-2014:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9037",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3085",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3085",
                  },
                  {
                     name: "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/11/25/12",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0493.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0493.html",
                  },
                  {
                     name: "1031243",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031243",
                  },
                  {
                     name: "MDVSA-2014:233",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
                  },
                  {
                     name: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
                     refsource: "CONFIRM",
                     url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9037",
      datePublished: "2014-11-25T23:00:00",
      dateReserved: "2014-11-20T00:00:00",
      dateUpdated: "2024-08-06T13:33:13.510Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3424
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.773Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/05/07/7",
               },
               {
                  name: "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html",
               },
               {
                  name: "MDVSA-2015:117",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0250.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-08T13:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/05/07/7",
            },
            {
               name: "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html",
            },
            {
               name: "MDVSA-2015:117",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0250.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-3424",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/05/07/7",
                  },
                  {
                     name: "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html",
                  },
                  {
                     name: "MDVSA-2015:117",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0250.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0250.html",
                  },
                  {
                     name: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                     refsource: "CONFIRM",
                     url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-3424",
      datePublished: "2014-05-08T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.773Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3533
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 10:50
Severity ?
Summary
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:16.803Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "59798",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59798",
               },
               {
                  name: "59611",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59611",
               },
               {
                  name: "openSUSE-SU-2014:1239",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
               },
               {
                  name: "60236",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60236",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0294.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
               },
               {
                  name: "DSA-2971",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-2971",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
               },
               {
                  name: "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/07/02/4",
               },
               {
                  name: "MDVSA-2015:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-12T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "59798",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59798",
            },
            {
               name: "59611",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59611",
            },
            {
               name: "openSUSE-SU-2014:1239",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
            },
            {
               name: "60236",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60236",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0294.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
            },
            {
               name: "DSA-2971",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-2971",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
            },
            {
               name: "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/07/02/4",
            },
            {
               name: "MDVSA-2015:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-3533",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "59798",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59798",
                  },
                  {
                     name: "59611",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59611",
                  },
                  {
                     name: "openSUSE-SU-2014:1239",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
                  },
                  {
                     name: "60236",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60236",
                  },
                  {
                     name: "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
                     refsource: "CONFIRM",
                     url: "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0294.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0294.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  },
                  {
                     name: "DSA-2971",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-2971",
                  },
                  {
                     name: "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
                     refsource: "CONFIRM",
                     url: "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
                  },
                  {
                     name: "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/07/02/4",
                  },
                  {
                     name: "MDVSA-2015:176",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3533",
      datePublished: "2014-07-19T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:16.803Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3423
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.077Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/05/07/7",
               },
               {
                  name: "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html",
               },
               {
                  name: "MDVSA-2015:117",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0250.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-08T13:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/05/07/7",
            },
            {
               name: "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html",
            },
            {
               name: "MDVSA-2015:117",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0250.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-3423",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/05/07/7",
                  },
                  {
                     name: "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html",
                  },
                  {
                     name: "MDVSA-2015:117",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0250.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0250.html",
                  },
                  {
                     name: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                     refsource: "MISC",
                     url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-3423",
      datePublished: "2014-05-08T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.077Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9039
Vulnerability from cvelistv5
Published
2014-11-25 23:00
Modified
2024-08-06 13:33
Severity ?
Summary
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:33:13.527Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3085",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3085",
               },
               {
                  name: "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/11/25/12",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0493.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://core.trac.wordpress.org/changeset/30431",
               },
               {
                  name: "1031243",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031243",
               },
               {
                  name: "MDVSA-2014:233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-28T13:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-3085",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3085",
            },
            {
               name: "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/11/25/12",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0493.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://core.trac.wordpress.org/changeset/30431",
            },
            {
               name: "1031243",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031243",
            },
            {
               name: "MDVSA-2014:233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9039",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3085",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3085",
                  },
                  {
                     name: "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/11/25/12",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0493.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0493.html",
                  },
                  {
                     name: "http://core.trac.wordpress.org/changeset/30431",
                     refsource: "CONFIRM",
                     url: "http://core.trac.wordpress.org/changeset/30431",
                  },
                  {
                     name: "1031243",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031243",
                  },
                  {
                     name: "MDVSA-2014:233",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233",
                  },
                  {
                     name: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
                     refsource: "CONFIRM",
                     url: "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9039",
      datePublished: "2014-11-25T23:00:00",
      dateReserved: "2014-11-20T00:00:00",
      dateUpdated: "2024-08-06T13:33:13.527Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3421
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.509Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/05/07/7",
               },
               {
                  name: "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html",
               },
               {
                  name: "MDVSA-2015:117",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0250.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-04-08T13:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/05/07/7",
            },
            {
               name: "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html",
            },
            {
               name: "MDVSA-2015:117",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0250.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-3421",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/05/07/7",
                  },
                  {
                     name: "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html",
                  },
                  {
                     name: "MDVSA-2015:117",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0250.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0250.html",
                  },
                  {
                     name: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                     refsource: "CONFIRM",
                     url: "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-3421",
      datePublished: "2014-05-08T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.509Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-4668
Vulnerability from cvelistv5
Published
2014-07-02 01:00
Modified
2024-08-06 11:27
Severity ?
Summary
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:27:35.278Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "68249",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/68249",
               },
               {
                  name: "[oss-security] 20140628 Re: CVE request / advisory: Cherokee",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/06/28/7",
               },
               {
                  name: "FEDORA-2015-6392",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html",
               },
               {
                  name: "MDVSA-2015:225",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225",
               },
               {
                  name: "FEDORA-2015-6279",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88",
               },
               {
                  name: "[oss-security] 20140628 CVE request / advisory: Cherokee",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/06/28/3",
               },
               {
                  name: "FEDORA-2015-6194",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2015-0181.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-06-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-30T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "68249",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/68249",
            },
            {
               name: "[oss-security] 20140628 Re: CVE request / advisory: Cherokee",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/06/28/7",
            },
            {
               name: "FEDORA-2015-6392",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html",
            },
            {
               name: "MDVSA-2015:225",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225",
            },
            {
               name: "FEDORA-2015-6279",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88",
            },
            {
               name: "[oss-security] 20140628 CVE request / advisory: Cherokee",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2014/06/28/3",
            },
            {
               name: "FEDORA-2015-6194",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2015-0181.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-4668",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "68249",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/68249",
                  },
                  {
                     name: "[oss-security] 20140628 Re: CVE request / advisory: Cherokee",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/06/28/7",
                  },
                  {
                     name: "FEDORA-2015-6392",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html",
                  },
                  {
                     name: "MDVSA-2015:225",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225",
                  },
                  {
                     name: "FEDORA-2015-6279",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html",
                  },
                  {
                     name: "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88",
                     refsource: "CONFIRM",
                     url: "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88",
                  },
                  {
                     name: "[oss-security] 20140628 CVE request / advisory: Cherokee",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2014/06/28/3",
                  },
                  {
                     name: "FEDORA-2015-6194",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2015-0181.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2015-0181.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-4668",
      datePublished: "2014-07-02T01:00:00",
      dateReserved: "2014-06-26T00:00:00",
      dateUpdated: "2024-08-06T11:27:35.278Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}