Fixed vulnerabilities:

CVE-2015-1209 (VulnLIB link), CVE-2015-1210 (VulnLIB link), CVE-2015-1211 (VulnLIB link), CVE-2015-1212 (VulnLIB link)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium.

Affected releases:
Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary EUS (v. 6.6.z)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
Software description:
chromium-browser
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:
RHSA-2015:0163-1 - Important: chromium-browser security update

Fixed vulnerabilities:

CVE-2014-3580 (VulnLIB link)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. 
CVE-2014-3528 (VulnLIB link)
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. 

Affected releases:
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.6.z)
Red Hat Enterprise Linux Workstation (v. 6)
Software description:
subversion
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:
RHSA-2015:0165-1 - Moderate: subversion security update

Fixed vulnerabilities:

CVE-2014-3580 (VulnLIB link)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. 
CVE-2014-3528 (VulnLIB link)
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. 
CVE-2014-8108 (VulnLIB link)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. 

Affected releases:
Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux HPC Node (v. 7)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Workstation (v. 7)
Software description:
subversion
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:
RHSA-2015:0166-1 - Moderate: subversion security update

Fixed vulnerabilities:
CVE-2014-7822 (VulnLIB link)
A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

Affected releases:
CentOS 5
Software description:
kernel
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:

CESA-2015:0164 Moderate CentOS 5 kernel Security Update

Fixed vulnerabilities:
CVE-2014-3580 (VulnLIB link)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. 
CVE-2014-3528 (VulnLIB link)
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. 
CVE-2014-8108 (VulnLIB link)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. 

Affected releases:
CentOS 7
Software description:
subversion
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:

CESA-2015:0166 Moderate CentOS 7 subversion Security Update

Fixed vulnerabilities:
CVE-2014-3580 (VulnLIB link)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. 
CVE-2014-3528 (VulnLIB link)
It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. 

Affected releases:
CentOS 6
Software description:
subversion
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:

CESA-2015:0165 Moderate CentOS 6 subversion Security Update

Fixed vulnerabilities:
CVE-2015-1209 (VulnLIB link)
A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process.
CVE-2015-1210 (VulnLIB link)
It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions.
CVE-2015-1211 (VulnLIB link)
It was discovered that Chromium did not properly restrict the URI scheme during ServiceWorker registration. If a user were tricked in to downloading and opening a specially crafted HTML file, an attacker could potentially exploit this to bypass security restrictions.
CVE-2015-1212 (VulnLIB link)
Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program.

Affected releases:
Ubuntu 14.10
Ubuntu 14.04 LTS
Software description:
oxide-qt - Web browser engine library for Qt (QML plugin) 
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:

USN-2495-1: Oxide vulnerabilities

Fixed vulnerabilities:
CVE-2014-5351 (VulnLIB link)
It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
CVE-2014-5352 (VulnLIB link)
It was discovered that the libgssapi_krb5 library incorrectly processed security context handles. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVE-2014-5353 (VulnLIB link)
Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with no results. An authenticated remote attacker could use this issue to cause the KDC to crash, resulting in a denial of service.
CVE-2014-5354 (VulnLIB link)
It was discovered that Kerberos incorrectly handled creating database entries for a keyless principal when using LDAP. An authenticated remote attacker could use this issue to cause the KDC to crash, resulting in a denial of service.
CVE-2014-9421 (VulnLIB link)
It was discovered that Kerberos incorrectly handled memory when processing XDR data. A remote attacker could use this issue to cause kadmind to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVE-2014-9422 (VulnLIB link)
It was discovered that Kerberos incorrectly handled two-component server principals. A remote attacker could use this issue to perform impersonation attacks.
CVE-2014-9423 (VulnLIB link)
It was discovered that the libgssrpc library leaked uninitialized bytes. A remote attacker could use this issue to possibly obtain sensitive information.

Affected releases:
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS
Software description:
krb5 - MIT Kerberos Network Authentication Protocol
Solution:
Check VulnLIB for fixes for CVEs listed above and the source.
Source:

USN-2498-1: Kerberos vulnerabilities

Fixed vulnerabilities:

CVE-2014-8080 (VulnLIB link), CVE-2014-8090 (VulnLIB link)
The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

Affected distribution:
Debian 7 / wheezy
Debian 8 / jessie
Affected Packages:
ruby1.8
Solution:
Check VulnLIB for fixes for CVEs listed above and publisher advisory listed under source.
Source:

DSA-3159-1 ruby1.8 -- security update

Fixed vulnerabilities:

CVE-2014-9274 (VulnLIB link), CVE-2014-9275 (VulnLIB link)
Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, a RTF to other formats converter, leading to a denial of service (application crash) or, potentially, the execution of arbitrary code.

Affected distribution:
Debian 7 / wheezy
Debian 8 / jessie
Affected Packages:
unrtf
Solution:
Check VulnLIB for fixes for CVEs listed above.
Source:

DSA-3158-1 unrtf -- security update

Fixed vulnerabilities:
CVE-2014-4975 (VulnLIB link)
The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution.
CVE-2014-8080 (VulnLIB link), CVE-2014-8090 (VulnLIB link)
The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

Affected distribution:
Debian 7 / wheezy
Debian 8 / jessie
Affected Packages:
ruby1.9.1
Solution:
Check VulnLIB for fixes for CVEs listed above.
Source:

DSA-3157-1 ruby1.9.1 -- security update

Fixed vulnerabilities:
CVE-2014-9297 (VulnLIB link)
Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service.
CVE-2014-9298 (VulnLIB link)
Stephen Roettger discovered that NTP incorrectly handled ACLs based on certain IPv6 addresses.

Affected releases:
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS
Software description:
ntp - Network Time Protocol daemon and utility programs 
Solution:
Check VulnLIB for fixes for CVEs listed above.
Source:

USN-2497-1: NTP vulnerabilities

Fixed vulnerabilities:
CVE-2014-8485 (VulnLIB link)
Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
CVE-2014-8501 (VulnLIB link)
Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
CVE-2014-8502 (VulnLIB link)
Hanno Böck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
CVE-2014-8737 (VulnLIB link)
Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files.
CVE-2014-8738 (VulnLIB link)
Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
CVE-2014-8503 (VulnLIB link)
Hanno Böck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash).
CVE-2014-8504 (VulnLIB link)
Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code.
CVE-2014-8484 (VulnLIB link)
Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS.
CVE-2012-3509 (VulnLIB link)
Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.

Affected releases:
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS
Software description:
binutils - GNU assembler, linker and binary utilities
Solution:
Check VulnLIB for fixes for CVEs listed above.
Source:

USN-2496-1: GNU binutils vulnerabilities

Fixed vulnerabilities:
CVE-2014-9636 (VulnLIB link)
Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
Affected releases:
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS
Software description:
unzip - De-archiver for .zip files
Solution:
Check VulnLIB for fixes for CVEs listed above.
Source:

USN-2489-1: unzip vulnerability

Thank you for your interest in a completely novel approach to IT security.

VulnLIB is the result of a long-term effort to pool precise data about software security vulnerabilities into a unified format that allows IT security managers to view the specific software versions affected by vulnerabilities and how to resolve them. For several years, Ciproc has been using its growing vulnerability database to provide IT security services to its customers. Today, we're announcing that we're making this vast resource available to the general public through the VulnLIB website for free.

VulnLIB is designed to support the needs of patch management in a highly efficient way, which we hope will translate into significant savings in terms of time and resources devoted to IT security.

VulnLIB is always growing, so each day, we hope it will be a little better than the day before. Any suggestions you may have to help us improve the service are most welcome. We wish you great success in exploring our data.