CVSS: 9.8EPSS: 7%CPEs: 8EXPL: 1CVE-2014-8089 – Debian Security Advisory 3265-1
https://notcve.org/view.php?id=CVE-2014-8089
30 Mar 2015 — SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. Una vulnerabilidad de inyección SQL en Zend Framework versiones anteriores a 1.12.9, versiones 2.2.x anteriores a 2.2.8 y versiones 2.3.x anteriores a 2.3.3, cuando se usa la extensión PHP sqlsrv, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de un byte null. XML eXter... • http://framework.zend.com/security/advisory/ZF2014-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1859 – Mandriva Linux Security Advisory 2015-077
https://notcve.org/view.php?id=CVE-2014-1859
27 Mar 2015 — (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py y (4) lib/tests/test_io.py en NumPy en versiones anteriores a la 1.8.1 permiten que los usuarios locales escriban en archivos arbitrarios mediante un ataque symlink en un archivo temporal. f2py insecure... • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 0CVE-2014-8132 – Mandriva Linux Security Advisory 2015-020
https://notcve.org/view.php?id=CVE-2014-8132
29 Dec 2014 — Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Vulnerabilidad de doble liberación en la función ssh_packet_kexinit en kex.c en libssh 0.5.x y 0.6.x anterior a 0.6.4 permite a atacantes remotos causar una denegación de servicio a través del paquete modificado kexinit. When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and t... • http://advisories.mageia.org/MGASA-2015-0014.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3219 – Gentoo Linux Security Advisory 201412-49
https://notcve.org/view.php?id=CVE-2014-3219
29 Dec 2014 — fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. fish, en versiones anteriores a la 2.1.1, permite que usuarios locales escriban en archivos arbitrarios mediante un ataque de vínculo simbólico en (1) /tmp/fishd.log. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 2%CPEs: 23EXPL: 0CVE-2014-8964 – pcre: incorrect handling of zero-repeat assertion conditions
https://notcve.org/view.php?id=CVE-2014-8964
16 Dec 2014 — Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Desbordamiento de buffer basado en memoria dinámica en PCRE 8.36 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o tener otro impacto no especificado a través de una expresión regular manipulada, relacionado con una aserción que permite cero repet... • http://advisories.mageia.org/MGASA-2014-0534.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 2CVE-2014-8737 – binutils: directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2014-8737
09 Dec 2014 — Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. Múltiples vulnerabilidades de salto de directorio en GNU binutils 2.24 y anteriores permiten a usuarios locales eliminar ficheros arbitrarios a través de un .. (punto punto) o nombre completo de ruta en un archivo en (1) st... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2014-8484 – binutils: invalid read flaw in libbfd
https://notcve.org/view.php?id=CVE-2014-8484
09 Dec 2014 — The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. La función srec_scan en bfd/srec.c en libdbfd en GNU binutils anterior a 2.25 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un S-record pequeño. An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings uti... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-839: Numeric Range Comparison Without Minimum Check •
CVSS: 7.8EPSS: 4%CPEs: 8EXPL: 1CVE-2014-8485 – binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()
https://notcve.org/view.php?id=CVE-2014-8485
09 Dec 2014 — The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. La función setup_group en bfd/elf.c en libbfd en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cabeceras de grupo de sección manipuladas en un fichero ELF. A buffer overflow f... • http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-822: Untrusted Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 1CVE-2014-8501 – binutils: out-of-bounds write when parsing specially crafted PE executable
https://notcve.org/view.php?id=CVE-2014-8501
09 Dec 2014 — The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. La función _bfd_XXi_swap_aouthdr_in en bfd/peXXigen.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) y posiblemente tener otro impacto no especificado... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 1CVE-2014-8502 – binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)
https://notcve.org/view.php?id=CVE-2014-8502
09 Dec 2014 — Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. Desbordamiento de buffer basado en memoria dinámica en la función pe_print_edata en bfd/peXXigen.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente tener orto impacto no especificado a t... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •