Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9529 |
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Published: January 09, 2015; 4:59:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-9527 |
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. Published: January 06, 2015; 10:59:05 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8132 |
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Published: December 28, 2014; 7:59:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8964 |
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Published: December 16, 2014; 1:59:10 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8488 |
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. Published: December 09, 2014; 8:59:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8737 |
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. Published: December 09, 2014; 6:59:07 PM -0500 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2014-8504 |
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. Published: December 09, 2014; 6:59:06 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8503 |
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. Published: December 09, 2014; 6:59:05 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8502 |
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. Published: December 09, 2014; 6:59:04 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8501 |
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. Published: December 09, 2014; 6:59:03 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8485 |
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. Published: December 09, 2014; 6:59:01 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8484 |
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. Published: December 09, 2014; 6:59:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8990 |
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. Published: December 05, 2014; 11:59:11 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-6494 |
fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). Published: December 01, 2014; 8:59:00 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-9093 |
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. Published: November 26, 2014; 10:59:09 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-7821 |
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. Published: November 24, 2014; 10:59:02 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-0334 |
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Published: October 31, 2014; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Published: October 14, 2014; 8:55:02 PM -0400 |
V3.1: 3.4 LOW V2.0: 4.3 MEDIUM |
CVE-2014-1573 |
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name. Published: October 12, 2014; 9:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1572 |
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. Published: October 12, 2014; 9:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |