Vulnerabilities > Redhat > Enterprise Linux Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-21 | CVE-2015-0381 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. | 4.3 |
| 2014-12-18 | CVE-2014-8108 | Remote Denial of Service vulnerability in Apache Subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. | 5.0 |
| 2014-12-18 | CVE-2014-3580 | Remote Denial of Service vulnerability in Apache Subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | 5.0 |
| 2014-12-16 | CVE-2014-8964 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | 5.0 |
| 2014-12-08 | CVE-2014-9273 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. | 4.6 |
| 2014-11-24 | CVE-2012-6662 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | 4.3 |
| 2014-11-15 | CVE-2014-4975 | Buffer Errors vulnerability in Ruby-Lang Ruby Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | 5.0 |
| 2014-11-13 | CVE-2014-8564 | Cryptographic Issues vulnerability in multiple products The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | 5.0 |
| 2014-08-27 | CVE-2014-3575 | Information Exposure vulnerability in multiple products The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. | 4.3 |
| 2014-08-19 | CVE-2014-3528 | Credentials Management vulnerability in multiple products Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. | 4.0 |