Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-1933
Description:The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
Test IDs: 1.3.6.1.4.1.25623.1.0.867740   1.3.6.1.4.1.25623.1.0.867750   1.3.6.1.4.1.25623.1.1.4.2014.0705.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-1933
BugTraq ID: 65513
http://www.securityfocus.com/bid/65513
https://security.gentoo.org/glsa/201612-52
http://www.openwall.com/lists/oss-security/2014/02/10/15
http://www.openwall.com/lists/oss-security/2014/02/11/1
SuSE Security Announcement: openSUSE-SU-2014:0591 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
http://www.ubuntu.com/usn/USN-2168-1




© 1998-2024 E-Soft Inc. All rights reserved.