Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2015-01-21	CVE-2015-0383	Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. local redhat fedoraproject canonical novell debian opensuse oracle	5.4
2015-01-21	CVE-2015-0382	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. network oracle debian canonical fedoraproject mariadb redhat suse	4.3
2015-01-21	CVE-2015-0381	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. network oracle debian canonical fedoraproject mariadb redhat suse	4.3
2015-01-16	CVE-2014-9601	Improper Input Validation vulnerability in multiple products Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. network low complexity python oracle fedoraproject opensuse CWE-20	5.0
2015-01-15	CVE-2015-1051	Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. network context-project fedoraproject	5.8
2015-01-06	CVE-2014-9527	Resource Management Errors vulnerability in multiple products HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. network low complexity fedoraproject apache CWE-399	5.0
2015-01-02	CVE-2014-9449	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. network low complexity exiv2 fedoraproject CWE-119	5.0
2014-12-29	CVE-2014-8132	Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. network low complexity libssh debian opensuse fedoraproject canonical	5.0
2014-12-16	CVE-2014-8964	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. network low complexity pcre mariadb fedoraproject opensuse oracle redhat CWE-119	5.0
2014-12-10	CVE-2014-8488	Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. network yourls fedoraproject CWE-79	4.3