VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2015-2151Mar 12, 2015
    risk 0.00cvss epss 0.01

    The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via…

  • CVE-2015-2045Mar 12, 2015
    risk 0.00cvss epss 0.00

    The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

  • CVE-2014-8112Mar 10, 2015
    risk 0.00cvss epss 0.02

    389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

  • CVE-2014-8105Mar 10, 2015
    risk 0.00cvss epss 0.02

    389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

  • CVE-2015-2206Mar 9, 2015
    risk 0.00cvss epss 0.03

    libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for…

  • CVE-2015-1464Mar 9, 2015
    risk 0.00cvss epss 0.02

    RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

  • CVE-2015-1165Mar 9, 2015
    risk 0.00cvss epss 0.02

    RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

  • CVE-2014-9472Mar 9, 2015
    risk 0.00cvss epss 0.03

    The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

  • CVE-2015-0886Feb 28, 2015
    risk 0.00cvss epss 0.05

    Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

  • CVE-2014-9465Feb 19, 2015
    risk 0.00cvss epss 0.03

    senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

  • CVE-2015-0247Feb 17, 2015
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

  • CVE-2015-1563Feb 9, 2015
    risk 0.00cvss epss 0.00

    The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

  • CVE-2014-9675Feb 8, 2015
    risk 0.00cvss epss 0.04

    bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

  • CVE-2014-9674Feb 8, 2015
    risk 0.00cvss epss 0.06

    The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly…

  • CVE-2014-9670Feb 8, 2015
    risk 0.00cvss epss 0.04

    Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative…

  • CVE-2014-9669Feb 8, 2015
    risk 0.00cvss epss 0.04

    Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

  • CVE-2014-9668Feb 8, 2015
    risk 0.00cvss epss 0.02

    The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have…

  • CVE-2014-9667Feb 8, 2015
    risk 0.00cvss epss 0.03

    sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

  • CVE-2014-9666Feb 8, 2015
    risk 0.00cvss epss 0.04

    The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have…

  • CVE-2014-9665Feb 8, 2015
    risk 0.00cvss epss 0.05

    The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact…

Page 30 of 40