|
291501
|
- |
|
google
|
chrome
|
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researc…
|
NVD-CWE-noinfo
|
CVE-2014-1681
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291502
|
- |
|
debian
|
axiom
|
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite …
|
CWE-59
Link Following
|
CVE-2014-1640
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291503
|
- |
|
debian
|
syncevolution
|
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows …
|
CWE-59
Link Following
|
CVE-2014-1639
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291504
|
- |
|
debian
|
localepurge
|
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new fil…
|
CWE-59
Link Following
|
CVE-2014-1638
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291505
|
- |
|
python
|
pyxdg
|
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to …
|
CWE-59
Link Following
|
CVE-2014-1624
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291506
|
- |
|
python
|
rply
|
The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.
|
NVD-CWE-Other
|
CVE-2014-1604
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291507
|
- |
|
citrix
|
gotomeeting
|
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens …
|
CWE-200
Information Exposure
|
CVE-2014-1664
|
2024-11-21 11:04 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291508
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: thi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1607
|
2024-11-21 11:04 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291509
|
- |
|
xen
|
xen
|
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1666
|
2024-11-21 11:04 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291510
|
- |
|
xen
|
xen
|
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest…
|
CWE-399
Resource Management Errors
|
CVE-2014-1642
|
2024-11-21 11:04 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
