High

DATE	CVE	VULNERABILITY TITLE	RISK
2015-01-21	CVE-2015-0412	Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. local low complexity redhat canonical novell debian opensuse oracle	7.2
2015-01-21	CVE-2015-0411	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. network low complexity redhat canonical debian fedoraproject oracle mariadb	7.5
2015-01-06	CVE-2014-7209	Command Injection vulnerability in Debian Mime-Support run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. network low complexity debian CWE-77	7.5
2014-12-31	CVE-2014-8145	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. network low complexity sound-exchange-project debian oracle CWE-119	7.5
2014-12-16	CVE-2014-9057	SQL Injection vulnerability in multiple products SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity debian sixapart CWE-89	7.5
2014-12-15	CVE-2014-6052	Improper Input Validation vulnerability in multiple products The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. network low complexity libvncserver oracle debian canonical CWE-20	7.5
2014-12-09	CVE-2014-9274	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". network low complexity unrtf-project fedoraproject mageia-project debian CWE-119	7.5
2014-12-05	CVE-2014-8990	Command Injection vulnerability in multiple products default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. network low complexity debian fedoraproject lsyncd-project CWE-77	7.5
2014-11-28	CVE-2014-9089	SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. network low complexity debian mantisbt CWE-89	7.5
2014-11-26	CVE-2014-9093	Improper Input Validation vulnerability in multiple products LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. network low complexity libreoffice fedoraproject canonical debian CWE-20	7.5