Fedoraproject

All CVEs

833 total · sorted by risk
  • CVE-2014-8504 · Dec 9, 2014
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

  • CVE-2014-8503 · Dec 9, 2014
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

  • CVE-2014-8502 · Dec 9, 2014
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

  • CVE-2014-8501 · Dec 9, 2014
    risk 0.00 · cvss · epss 0.05

    The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE…

  • CVE-2014-8484 · Dec 9, 2014
    risk 0.00 · cvss · epss 0.05

    The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

  • CVE-2014-8990 · Dec 5, 2014
    risk 0.00 · cvss · epss 0.05

    default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

  • CVE-2014-9220 · Dec 3, 2014
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.

  • CVE-2014-9093 · Nov 26, 2014
    risk 0.00 · cvss · epss 0.04

    LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

  • CVE-2014-7821 · Nov 24, 2014
    risk 0.00 · cvss · epss 0.04

    OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

  • CVE-2013-0334 · Oct 31, 2014
    risk 0.00 · cvss · epss 0.04

    Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

  • CVE-2014-1573 · Oct 13, 2014
    risk 0.00 · cvss · epss 0.02

    Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by…

  • CVE-2014-1572 · Oct 13, 2014
    risk 0.00 · cvss · epss 0.02

    The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which…

  • CVE-2014-1571 · Oct 13, 2014
    risk 0.00 · cvss · epss 0.01

    Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm,…

  • CVE-2014-6394 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.04

    visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

  • CVE-2014-7155 · Oct 2, 2014
    risk 0.00 · cvss · epss 0.01

    The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1)…

  • CVE-2014-7154 · Oct 2, 2014
    risk 0.00 · cvss · epss 0.01

    Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

  • CVE-2014-6055 · Sep 30, 2014
    risk 0.00 · cvss · epss 0.08

    Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3)…

  • CVE-2014-6051 · Sep 30, 2014
    risk 0.00 · cvss · epss 0.08

    Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer…

  • CVE-2014-3562 · Aug 21, 2014
    risk 0.00 · cvss · epss 0.02

    Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

  • CVE-2014-2524 · Aug 20, 2014
    risk 0.00 · cvss · epss 0.00

    The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

  • CVE-2014-4909 · Jul 29, 2014
    risk 0.00 · cvss · epss 0.05

    Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

  • CVE-2014-0103 · Jul 29, 2014
    risk 0.00 · cvss · epss 0.00

    WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

  • CVE-2014-3537 · Jul 23, 2014
    risk 0.00 · cvss · epss 0.00

    The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

  • CVE-2014-4341 · Jul 20, 2014
    risk 0.00 · cvss · epss 0.07

    MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

  • CVE-2014-3499 · Jul 11, 2014
    risk 0.00 · cvss · epss 0.00

    Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

  • CVE-2014-0477 · Jul 3, 2014
    risk 0.00 · cvss · epss 0.04

    The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

  • CVE-2014-0247 · Jul 3, 2014
    risk 0.00 · cvss · epss 0.04

    LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

  • CVE-2014-4668 · Jul 2, 2014
    risk 0.00 · cvss · epss 0.03

    The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

  • CVE-2014-0249 · Jun 11, 2014
    risk 0.00 · cvss · epss 0.00

    The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

  • CVE-2014-3956 · Jun 4, 2014
    risk 0.00 · cvss · epss 0.01

    The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

  • CVE-2013-2014 · Jun 2, 2014
    risk 0.00 · cvss · epss 0.03

    OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

  • CVE-2014-3152 · May 21, 2014
    risk 0.00 · cvss · epss 0.02

    Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors…

  • CVE-2014-1685 · May 8, 2014
    risk 0.00 · cvss · epss 0.01

    The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

  • CVE-2014-1682 · May 8, 2014
    risk 0.00 · cvss · epss 0.02

    The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

  • CVE-2014-0190 · May 8, 2014
    risk 0.00 · cvss · epss 0.04

    The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

  • CVE-2010-5109 · May 5, 2014
    risk 0.00 · cvss · epss 0.02

    Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

  • CVE-2014-1528 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.06

    The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

  • CVE-2014-1527 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.01

    Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

  • CVE-2014-1526 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.02

    The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods…

  • CVE-2014-1525 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.04

    The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2014-1522 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.05

    The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and…

  • CVE-2014-1520 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.00

    maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update…

  • CVE-2014-1519 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.05

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2014-2328 · Apr 23, 2014
    risk 0.00 · cvss · epss 0.04

    lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

  • CVE-2013-6371 · Apr 22, 2014
    risk 0.00 · cvss · epss 0.03

    The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.

  • CVE-2013-6370 · Apr 22, 2014
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2014-1517 · Apr 20, 2014
    risk 0.00 · cvss · epss 0.01

    The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login…

  • CVE-2014-2287 · Apr 18, 2014
    risk 0.00 · cvss · epss 0.02

    channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause…

  • CVE-2013-6456 · Apr 15, 2014
    risk 0.00 · cvss · epss 0.01

    The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a…

  • CVE-2014-2678 · Apr 1, 2014
    risk 0.00 · cvss · epss 0.00

    The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks…

Page 14 of 17