PT-2014-1847 · X.Org +5 · Xorg-X11-Server +15

Name of the Vulnerable Software and Affected Versions: xorg-x11-server-Xdmx version 1.15.0 xorg-x11-server-debuginfo version 1.15.0 xorg-x11-server-Xnest version 1.15.0 xorg-x11-server-Xephyr version 1.15.0 xorg-x11-server-source version 1.15.0 xorg-x11-server-Xvfb version 1.15.0...

PT-2014-1843 · X.Org +5 · Xorg-X11-Server +14

Name of the Vulnerable Software and Affected Versions: xorg-x11-server-Xdmx versions 1.15.0 xorg-x11-server-debuginfo versions 1.15.0 xorg-x11-server-Xnest versions 1.15.0 xorg-x11-server-Xephyr versions 1.15.0 xorg-x11-server-source versions 1.15.0 xorg-x11-server-Xvfb versions 1.15.0...

UBUNTU-CVE-2014-8097

The DBE extension in X.Org X Window System aka X11 or X X11R6.1 and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index value to the 1...

UBUNTU-CVE-2014-8103

X.Org Server aka xserver and xorg-server 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index value to the 1 sprocdri3queryversion, 2 sprocdri3open, 3...

UBUNTU-CVE-2014-8094

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server aka xserver and xorg-server 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a crafted request, which triggers an...

UBUNTU-CVE-2014-8101

The RandR extension in XFree86 4.2.0, X.Org X Window System aka X11 or X X11R6.7, and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index...

CVE-2014-5462

OpenEMR 4.1.2 (Patch 7) and earlier contain multiple SQL injection vulnerabilities exploitable by remote authenticated users. Affected components include interface/super/edit_layout.php (layout_id), interface/reports/prescriptions_report.php (several), interface/billing/edit_payment.php, interfac...

CVE-2014-9278

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would...

CVE-2014-4629

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...

mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...

mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...

Design/Logic Flaw

GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message...

mysql: unspecified vulnerability related to ENARC (CPU July 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC...

mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS...

mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...

mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...

mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER...

UBUNTU-CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet...

Code injection

The ViewPoint web application in Dell SonicWALL Global Management System GMS before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors...

CVE-2014-8368

The CVE-2014-8368 issue affects Aruba Networks AirWave prior to 7.7.14 and 8.x prior to 8.0.5. The vulnerability allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. The provided documents do not specify the exact vulnerable component, vecto...