Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9657 | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Published: February 08, 2015; 6:59:19 AM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9656 | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. Published: February 08, 2015; 6:59:15 AM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9636 | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. Published: February 06, 2015; 10:59:06 AM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1463 | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." Published: February 03, 2015; 11:59:34 AM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1462 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." Published: February 03, 2015; 11:59:34 AM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1461 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." Published: February 03, 2015; 11:59:33 AM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9328 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." Published: February 03, 2015; 11:59:02 AM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8630 | Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. Published: February 01, 2015; 10:59:04 AM -0500 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2014-9639 | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. Published: January 23, 2015; 10:59:09 AM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9638 | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. Published: January 23, 2015; 10:59:07 AM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0432 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Published: January 21, 2015; 2:59:17 PM -0500 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-0411 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. Published: January 21, 2015; 2:59:00 PM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0407 | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Published: January 21, 2015; 1:59:47 PM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0383 | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. Published: January 21, 2015; 1:59:28 PM -0500 | V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2015-0382 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. Published: January 21, 2015; 1:59:27 PM -0500 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0381 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. Published: January 21, 2015; 1:59:26 PM -0500 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0374 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. Published: January 21, 2015; 1:59:21 PM -0500 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-6568 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Published: January 21, 2015; 10:28:07 AM -0500 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-1051 | Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. Published: January 15, 2015; 10:59:31 AM -0500 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-8738 | The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. Published: January 15, 2015; 10:59:14 AM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |