CVE-2014-5255

Опубликовано: 21 нояб. 2019

Источник: nvd

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.

Ссылки

http://www.openwall.com/lists/oss-security/2014/08/15/4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/69020
Third Party Advisory
VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600
Exploit
Mailing List
Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/95332
Third Party Advisory
VDB Entry
https://security-tracker.debian.org/tracker/CVE-2014-5255
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/08/15/4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/69020
Third Party Advisory
VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756600
Exploit
Mailing List
Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-5255
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/95332
Third Party Advisory
VDB Entry
https://security-tracker.debian.org/tracker/CVE-2014-5255
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xcfa_project:xcfa:*:*:*:*:*:*:*:*

Версия до 5.0.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00088

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2014-5255

CVSS3: 7

ubuntu

около 6 лет назад

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.

CVE-2014-5255

CVSS3: 7

debian

около 6 лет назад

xcfa before 5.0.1 creates temporary files insecurely which could allow ...

GHSA-mrc9-9rhm-fccj

CVSS3: 7

github

больше 3 лет назад

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.

EPSS

Процентиль: 25%

0.00088

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-362