author security tracker role <sectracker@soriano.debian.org> 2020-02-01 08:10:24 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-02-01 08:10:24 +0000
commit 7983259e254e274d8ea2b24a78065330bff1290a
tree 615edc6e1dc339287821f33042ea2767d40d9dc8 /data/CVE/2014.list
parent 7284fe95cf4d1067732d1284f4325969ceccf89a
automatic update
Diffstat (limited to 'data/CVE/2014.list')
-rw-r--r-- data/CVE/2014.list 43
1 files changed, 17 insertions, 26 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 0e2510f3fd..d8ddd561f8 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -5980,8 +5980,8 @@ CVE-2014-8340 (SQL injection vulnerability in Php/Functions/log_function.php in
NOT-FOR-US: phpTrafficA
CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...)
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
-CVE-2014-8338
- RESERVED
+CVE-2014-8338 (Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/ ...)
+ TODO: check
CVE-2014-8337 (Unrestricted file upload vulnerability in includes/classes/uploadify-v ...)
NOT-FOR-US: HelpDEZk
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugi ...)
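Review bot: the "TODO: check" added under CVE-2014-8338 leaves the entry untriaged now that it has a description. The truncated text points at a path (vwrooms/js/jsor-jcarousel/ ...), so the follow-up should identify which product ships that path and replace the TODO with either a NOT-FOR-US line, as the neighbouring CVE-2014-8339 and CVE-2014-8337 entries have, or a package line.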
@@ -6006,13 +6006,11 @@ CVE-2014-8323 (buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attacke
- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/15
-CVE-2014-8322 [tcp_test stack overflow]
- RESERVED
+CVE-2014-8322 (Stack-based buffer overflow in the tcp_test function in aireplay-ng.c ...)
- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/14
-CVE-2014-8321 [GPS stack overflow]
- RESERVED
+CVE-2014-8321 (Stack-based buffer overflow in the gps_tracker function in airodump-ng ...)
- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/13
@@ -6576,16 +6574,13 @@ CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
NOTE: Only affects an inherently insecure use case
-CVE-2014-8141 [heap overflow in getZip64Data]
- RESERVED
+CVE-2014-8141 (Heap-based buffer overflow in the getZip64Data function in Info-ZIP Un ...)
{DSA-3113-1 DLA-124-1}
- unzip 6.0-13 (bug #773722)
-CVE-2014-8140 [heap overflow in test_compr_eb]
- RESERVED
+CVE-2014-8140 (Heap-based buffer overflow in the test_compr_eb function in Info-ZIP U ...)
{DSA-3113-1 DLA-124-1}
- unzip 6.0-13 (bug #773722)
-CVE-2014-8139 [CRC32 heap overflow]
- RESERVED
+CVE-2014-8139 (Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip ...)
{DSA-3113-1 DLA-150-1 DLA-124-1}
- unzip 6.0-16 (bug #773722)
CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer 1.900. ...)
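Review bot: with the bracketed working titles removed from the three unzip entries, nothing in this hunk explains why CVE-2014-8139 is marked fixed in 6.0-16 and carries an extra DLA-150-1, while CVE-2014-8141 and CVE-2014-8140 are fixed in 6.0-13 under the same bug #773722 and DSA-3113-1. A NOTE line on CVE-2014-8139 stating the reason for the later version would make the difference auditable.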
@@ -6675,8 +6670,7 @@ CVE-2014-8127 (LibTIFF 4.0.3 allows remote attackers to cause a denial of servic
NOTE: 4.0.3-12.1 fixes all issues except 2500
NOTE: 2500 is fixed by upstream as per 2016-10-25
NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
-CVE-2014-8126 [mailx invocation enables code execution as condor user]
- RESERVED
+CVE-2014-8126 (The scheduler in HTCondor before 8.2.6 allows remote authenticated use ...)
{DSA-3149-1}
- condor 8.2.3~dfsg.1-6 (bug #775276)
NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=4764
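Review bot: on CVE-2014-8126 the removed title "[mailx invocation enables code execution as condor user]" was the only place the entry named the mailx vector and the affected account; the truncated description that replaces it shows neither. Consider keeping that detail as a NOTE line. The description also says "before 8.2.6" while the package line records 8.2.3~dfsg.1-6 as fixed; if that is a backported fix, a NOTE saying so would keep the entry from reading as inconsistent.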
@@ -13310,8 +13304,7 @@ CVE-2014-5238 (XML external entity (XXE) vulnerability in Open-Xchange (OX) AppS
NOT-FOR-US: Open-Xchange
CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the documentconver ...)
NOT-FOR-US: Open-Xchange
-CVE-2014-5236
- RESERVED
+CVE-2014-5236 (Multiple absolute path traversal vulnerabilities in documentconverter ...)
NOT-FOR-US: Open-Xchange
CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...)
NOT-FOR-US: Open-Xchange
@@ -13912,8 +13905,8 @@ CVE-2014-5041
RESERVED
CVE-2014-5040 (HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2. ...)
- eucalyptus <removed>
-CVE-2014-5039
- RESERVED
+CVE-2014-5039 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...)
+ TODO: check
CVE-2014-5038 (Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or ...)
- eucalyptus <removed>
CVE-2014-5037 (Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, log ...)
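Review bot: CVE-2014-5039 gets "TODO: check" although the entries on both sides of it (CVE-2014-5040, CVE-2014-5038) are already tracked as "- eucalyptus <removed>". Triage should confirm whether the Eucalyptus Management Console named in the description was part of that source package and, if so, use the same package line; otherwise mark it NOT-FOR-US.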
@@ -16745,8 +16738,8 @@ CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesi
NOT-FOR-US: GeodesicSolutions
CVE-2014-3869
RESERVED
-CVE-2014-3868
- RESERVED
+CVE-2014-3868 (Multiple SQL injection vulnerabilities in ZeusCart 4.x. ...)
+ TODO: check
CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
NOT-FOR-US: IBM Sametime
CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component ...)
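Review bot: the "TODO: check" under CVE-2014-3868 sits on a description that names the product in full (ZeusCart 4.x), so it can be closed out with one archive lookup: a NOT-FOR-US line like CVE-2014-3871 and CVE-2014-3867 around it if the product is not packaged, or a package line if it is.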
@@ -16907,8 +16900,7 @@ CVE-2014-3811 (Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windo
NOT-FOR-US: Junos Pulse Client
CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx D ...)
NOT-FOR-US: Dolphin (php thingy)
-CVE-2014-3809
- RESERVED
+CVE-2014-3809 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
NOT-FOR-US: Alcatel Lucent
CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
NOT-FOR-US: BarracudaDrive
@@ -19072,8 +19064,8 @@ CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dyn
- elasticsearch 1.0.3+dfsg-3 (bug #759736)
NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca
NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853
-CVE-2014-3119
- RESERVED
+CVE-2014-3119 (Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier ...)
+ TODO: check
CVE-2014-3118
RESERVED
CVE-2014-3117
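Review bot: CVE-2014-3119 now reads "TODO: check" with a description that gives an affected range (web2Project 3.1 and earlier). If the product is packaged, the entry needs a package line with a fixed or unfixed status judged against that range; if not, NOT-FOR-US.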
@@ -21784,8 +21776,7 @@ CVE-2014-2028
RESERVED
CVE-2014-2026 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
NOT-FOR-US: Intrexx
-CVE-2014-2025
- RESERVED
+CVE-2014-2025 (Unrestricted file upload vulnerability in an unspecified third party t ...)
NOT-FOR-US: Intrexx
CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in classes/controller/error.p ...)
NOT-FOR-US: Open Classifieds
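Review bot: CVE-2014-2025 keeps "NOT-FOR-US: Intrexx", a classification that was in place while the entry was still RESERVED, but the new description locates the unrestricted file upload in "an unspecified third party t ...". It is worth reading the full description to confirm that the third-party component is not something packaged separately before leaving the NOT-FOR-US line as is.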
