2 matches found
CVE-2014-1839
CVE-2014-1839 affects logilab-common (shellutils) before version 0.61.0. The Execute class in shellutils uses tempfile.mktemp, enabling local users to pre-create the temporary file and potentially impact the system. The vulnerability is local in scope with partial confidentiality/integrity/availa...
CVE-2014-1838
The CVE-2014-1838 issue affects logilab-common (before 0.61.0). The vulnerable components are extract_keys_from_pdf and fill_pdf in pdf_ext.py, which allow a local attacker to overwrite arbitrary files via a symlink attack on /tmp/toto.fdf. Impact is local, with partial confidentiality/integrity/...