4459 matches found

Prion
added 2014/03/11 7:37 p.m. | 22 views

Code injection

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

CVSS 4.4 | AI score 6.6 | EPSS 0.00355
Exploits: 0 | References: 5 | Affected Software: 2
UbuntuCve
added 2014/03/11 7:37 p.m. | 33 views

CVE-2014-1839

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

CVSS 4.4 | AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 2
Cvelist
added 2014/03/11 3:0 p.m. | 49 views

CVE-2014-1839

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 5
CVE
added 2014/03/11 3:0 p.m. | 76 views

CVE-2014-1838

The CVE-2014-1838 issue affects logilab-common (before 0.61.0). The vulnerable components are extract_keys_from_pdf and fill_pdf in pdf_ext.py, which allow a local attacker to overwrite arbitrary files via a symlink attack on /tmp/toto.fdf. Impact is local, with partial confidentiality/integrity/...

CVSS 4.4 | AI score 6.4 | EPSS 0.00343
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2014/03/11 3:0 p.m. | 40 views

CVE-2014-1838

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf...

AI score 6.2 | EPSS 0.00343
Exploits: 0 | References: 5
Debian CVE
added 2014/03/11 3:0 p.m. | 26 views

CVE-2014-1839

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

CVSS 4.4 | AI score 6.1 | EPSS 0.00355
Exploits: 0
CVE
added 2014/03/11 3:0 p.m. | 79 views

CVE-2014-1839

CVE-2014-1839 affects logilab-common (shellutils) before version 0.61.0. The Execute class in shellutils uses tempfile.mktemp, enabling local users to pre-create the temporary file and potentially impact the system. The vulnerability is local in scope with partial confidentiality/integrity/availa...

CVSS 4.4 | AI score 6 | EPSS 0.00355
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2014/03/06 12:0 a.m. | 47 views

RHEL 5 / 6 : Red Hat JBoss Enterprise Application Platform 6.2.1 (RHSA-2014:0253)

The remote Redhat Enterprise Linux 5 / 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0253 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A denial of service flaw...

CVSS 7.5 | AI score 7.1 | EPSS 0.83175
Exploits: 8 | References: 5
RedHat Linux
added 2014/03/05 7:5 p.m. | 52 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 security update

An update for Red Hat JBoss Enterprise Application Platform 6.2.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 7.5 | AI score 6.7 | EPSS 0.83175
Exploits: 8 | References: 4
RedHat Linux
added 2014/03/05 7:5 p.m. | 5 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

CVSS 7.5 | AI score 6.7 | EPSS 0.83175
Exploits: 8 | References: 4
RedHat Linux
added 2014/03/05 7:5 p.m. | 62 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 security update

Updated Red Hat JBoss Enterprise Application Platform 6.2.1 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS 7.5 | AI score 6.7 | EPSS 0.83175
Exploits: 8 | References: 2
RedHat Linux
added 2014/03/05 7:5 p.m. | 5 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

CVSS 7.5 | AI score 6.7 | EPSS 0.83175
Exploits: 8 | References: 4
OSV
added 2014/02/28 6:59 p.m. | 12 views

MGASA-2014-0110 Updated tomcat packages fix CVE-2014-0050

Updated tomcat packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Tomcat 7 includes an...

CVSS 7.5 | AI score 6.5 | EPSS 0.83175
Exploits: 8 | References: 4
Mageia
added 2014/02/28 6:59 p.m. | 64 views

Updated tomcat packages fix CVE-2014-0050

Updated tomcat packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Tomcat 7 includes an...

CVSS 7.5 | AI score 7.7 | EPSS 0.83175
Exploits: 8 | References: 3
OSV
added 2014/02/28 6:57 p.m. | 10 views

MGASA-2014-0109 Updated apache-commons-fileupload package fixes CVE-2014-0050

Updated apache-commons-fileupload packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050)...

CVSS 7.5 | AI score 6.5 | EPSS 0.83175
Exploits: 8 | References: 5
Mageia
added 2014/02/28 6:57 p.m. | 48 views

Updated apache-commons-fileupload package fixes CVE-2014-0050

Updated apache-commons-fileupload packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050)...

CVSS 7.5 | AI score 7.7 | EPSS 0.83175
Exploits: 8 | References: 4
Tenable Nessus
added 2014/02/25 12:0 a.m. | 39 views

Apache Tomcat 8.0.0-RC1 < 8.0.3

The version of Tomcat installed on the remote host is prior to 8.0.3. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.0.3_security-8 advisory. - MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other...

CVSS 7.5 | AI score 7.1 | EPSS 0.83175
Exploits: 8 | References: 3
Metasploit
added 2014/02/22 1:56 p.m. | 87 views

Apache Commons FileUpload and Apache Tomcat DoS

This module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1...

CVSS 7.5 | AI score 6.8 | EPSS 0.83175
Exploits: 8
OpenVAS
added 2014/02/20 12:0 a.m. | 48 views

Fedora Update for apache-commons-fileupload FEDORA-2014-2175

Check for the Version of apache-commons-fileupload OpenVAS Vulnerability Test Fedora Update for apache-commons-fileupload FEDORA-2014-2175 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 7.5 | AI score 0.3 | EPSS 0.83175
Exploits: 8 | References: 2
OpenVAS
added 2014/02/20 12:0 a.m. | 56 views

Fedora Update for apache-commons-fileupload FEDORA-2014-2183

Check for the Version of apache-commons-fileupload OpenVAS Vulnerability Test Fedora Update for apache-commons-fileupload FEDORA-2014-2183 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 7.5 | AI score 0.3 | EPSS 0.83175
Exploits: 8 | References: 2