Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2015-02-03 CVE-2015-1462 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
network
low complexity
fedoraproject clamav CWE-119
7.5
7.5
2015-02-03 CVE-2015-1461 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
network
low complexity
fedoraproject clamav CWE-119
7.5
7.5
2015-02-03 CVE-2014-9328 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
network
low complexity
fedoraproject clamav CWE-119
7.5
7.5
2015-01-21 CVE-2015-0411 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. 7.5
7.5
2014-12-09 CVE-2014-9274 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". 		7.5
7.5
2014-12-05 CVE-2014-8990 Command Injection vulnerability in multiple products
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
network
low complexity
debian fedoraproject lsyncd-project CWE-77
7.5
7.5
2014-12-03 CVE-2014-9220 SQL Injection vulnerability in multiple products
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
network
low complexity
fedoraproject openvas opensuse CWE-89
7.5
7.5
2014-11-26 CVE-2014-9093 Improper Input Validation vulnerability in multiple products
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. 		7.5
7.5
2014-10-08 CVE-2014-6394 Path Traversal vulnerability in multiple products
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
network
low complexity
fedoraproject apple joyent CWE-22
7.5
7.5
2014-09-30 CVE-2014-6051 Numeric Errors vulnerability in multiple products
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. 		7.5
7.5