CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2014-8089
https://notcve.org/view.php?id=CVE-2014-8089
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. Una vulnerabilidad de inyección SQL en Zend Framework versiones anteriores a 1.12.9, versiones 2.2.x anteriores a 2.2.8 y versiones 2.3.x anteriores a 2.3.3, cuando se usa la extensión PHP sqlsrv, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de un byte null. • http://framework.zend.com/security/advisory/ZF2014-06 http://seclists.org/oss-sec/2014/q4/276 http://www.securityfocus.com/bid/70011 https://bugzilla.redhat.com/show_bug.cgi?id=1151277 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1859
https://notcve.org/view.php?id=CVE-2014-1859
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py y (4) lib/tests/test_io.py en NumPy en versiones anteriores a la 1.8.1 permiten que los usuarios locales escriban en archivos arbitrarios mediante un ataque symlink en un archivo temporal. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html http://www.openwall.com/lists/oss-security/2014/02/08/3 http://www.securityfocus.com/bid/65440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778 https://bugzilla.redhat.com/show_bug.cgi?id=1062009 https://exchange.xforce.ibmcloud.com/vulnerabilities/91317 https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3219
https://notcve.org/view.php?id=CVE-2014-3219
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. fish, en versiones anteriores a la 2.1.1, permite que usuarios locales escriban en archivos arbitrarios mediante un ataque de vínculo simbólico en (1) /tmp/fishd.log. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html http://security.gentoo.org/glsa/glsa-201412-49.xml http://www.openwall.com/lists/oss-security/2014/05/06/3 http://www.openwall.com/lists/oss-security/2014/09/28/8 http://www.securityfocus.com/bid/67115 https://bugzilla.redhat.com/show_bug.cgi?id=109209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 9%CPEs: 20EXPL: 0CVE-2014-8132
https://notcve.org/view.php?id=CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Vulnerabilidad de doble liberación en la función ssh_packet_kexinit en kex.c en libssh 0.5.x y 0.6.x anterior a 0.6.4 permite a atacantes remotos causar una denegación de servicio a través del paquete modificado kexinit. • http://advisories.mageia.org/MGASA-2015-0014.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html http://secunia.com/advisories/60838 http://www.debian.org/security/2016/dsa-3488 http://www.libssh.org/2014/12/19/libssh-0-6-4-secu •
CVSS: 5.0EPSS: 2%CPEs: 23EXPL: 0CVE-2014-8964 – pcre: incorrect handling of zero-repeat assertion conditions
https://notcve.org/view.php?id=CVE-2014-8964
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Desbordamiento de buffer basado en memoria dinámica en PCRE 8.36 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o tener otro impacto no especificado a través de una expresión regular manipulada, relacionado con una aserción que permite cero repeticiones. A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions. • http://advisories.mageia.org/MGASA-2014-0534.html http://bugs.exim.org/show_bug.cgi?id=1546 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html http://rhn.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •