Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
There are 177 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2014-9660

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Published: February 08, 2015; 6:59:22 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Published: February 08, 2015; 6:59:21 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9658

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: February 08, 2015; 6:59:20 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: February 08, 2015; 6:59:19 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Published: February 08, 2015; 6:59:15 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9636

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Published: February 06, 2015; 10:59:06 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1463

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

Published: February 03, 2015; 11:59:34 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1462

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

Published: February 03, 2015; 11:59:34 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1461

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

Published: February 03, 2015; 11:59:33 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1433

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Published: February 03, 2015; 11:59:24 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-9328

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

Published: February 03, 2015; 11:59:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8630

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

Published: February 01, 2015; 10:59:04 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-9639

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Published: January 23, 2015; 10:59:09 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-9638

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

Published: January 23, 2015; 10:59:07 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0383

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

Published: January 21, 2015; 1:59:28 PM -0500
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2014-9601

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Published: January 16, 2015; 11:59:17 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1051

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

Published: January 15, 2015; 10:59:31 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-8738

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

Published: January 15, 2015; 10:59:14 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Published: January 09, 2015; 4:59:02 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-9529

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Published: January 09, 2015; 4:59:00 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM