Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
There are 177 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Published: January 07, 2015; 2:59:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-9449

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

Published: January 02, 2015; 3:59:08 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Published: December 28, 2014; 7:59:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8124

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.

Published: December 12, 2014; 10:59:09 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8488

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

Published: December 09, 2014; 8:59:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-9274

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

Published: December 09, 2014; 6:59:10 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8737

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

Published: December 09, 2014; 6:59:07 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2014-8504

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

Published: December 09, 2014; 6:59:06 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8503

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Published: December 09, 2014; 6:59:05 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8502

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

Published: December 09, 2014; 6:59:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8501

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Published: December 09, 2014; 6:59:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

Published: December 09, 2014; 6:59:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8484

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Published: December 09, 2014; 6:59:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-9220

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.

Published: December 02, 2014; 8:59:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-6494

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).

Published: December 01, 2014; 8:59:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-0334

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Published: October 31, 2014; 10:55:02 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: October 14, 2014; 8:55:02 PM -0400
V3.1: 3.4 LOW
V2.0: 4.3 MEDIUM
CVE-2014-1573

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

Published: October 12, 2014; 9:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1572

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

Published: October 12, 2014; 9:55:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1571

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

Published: October 12, 2014; 9:55:05 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM