Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-08	CVE-2014-9664	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. network redhat debian opensuse canonical fedoraproject freetype oracle CWE-119	6.8
2015-02-06	CVE-2014-9636	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. network low complexity unzip-project canonical debian fedoraproject CWE-119	5.0
2015-02-03	CVE-2015-1463	Code vulnerability in multiple products ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." network low complexity clamav fedoraproject CWE-17	5.0
2015-02-03	CVE-2015-1433	Cross-site Scripting vulnerability in multiple products program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. network roundcube opensuse fedoraproject CWE-79	4.3
2015-02-01	CVE-2014-8630	Command Injection vulnerability in multiple products Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. network low complexity mozilla fedoraproject CWE-77	6.5
2015-01-23	CVE-2014-9639	Local Denial of Service vulnerability in Vorbis Tools Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. network low complexity xiph fedoraproject opensuse	5.0
2015-01-23	CVE-2014-9638	Local Denial of Service vulnerability in Vorbis Tools oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. network low complexity fedoraproject opensuse xiph	5.0
2015-01-21	CVE-2015-0432	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. network low complexity oracle debian canonical redhat fedoraproject suse mariadb	4.0
2015-01-21	CVE-2015-1038	Link Following vulnerability in multiple products p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. network fedoraproject oracle 7-zip CWE-59	5.8
2015-01-21	CVE-2015-0407	Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. network low complexity redhat canonical debian fedoraproject oracle	5.0