{"vulnerability": "CVE-2014-1420", "sightings": [{"uuid": "72a8f078-49dc-417d-8a19-7e909356d173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2014-1420", "type": "seen", "source": "https://t.me/cibsecurity/14608", "content": "ATENTION\u203c New - CVE-2014-1420\n\nOn desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-11T07:55:32.000000Z"}]}