VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2014-9664Feb 8, 2015
    risk 0.00cvss epss 0.04

    FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and…

  • CVE-2014-9663Feb 8, 2015
    risk 0.00cvss epss 0.05

    The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact…

  • CVE-2014-9662Feb 8, 2015
    risk 0.00cvss epss 0.04

    cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

  • CVE-2014-9661Feb 8, 2015
    risk 0.00cvss epss 0.04

    type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

  • CVE-2014-9660Feb 8, 2015
    risk 0.00cvss epss 0.05

    The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

  • CVE-2014-9658Feb 8, 2015
    risk 0.00cvss epss 0.05

    The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

  • CVE-2014-9657Feb 8, 2015
    risk 0.00cvss epss 0.05

    The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

  • CVE-2014-9656Feb 8, 2015
    risk 0.00cvss epss 0.05

    The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType…

  • CVE-2015-1463Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

  • CVE-2015-1462Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

  • CVE-2015-1461Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

  • CVE-2015-1433Feb 3, 2015
    risk 0.00cvss epss 0.03

    program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

  • CVE-2014-9328Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

  • CVE-2014-8630Feb 1, 2015
    risk 0.00cvss epss 0.02

    Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as…

  • CVE-2014-9639Jan 23, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

  • CVE-2014-9638Jan 23, 2015
    risk 0.00cvss epss 0.04

    oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

  • CVE-2015-0432Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

  • CVE-2015-1038Jan 21, 2015
    risk 0.00cvss epss 0.03

    p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

  • CVE-2015-0407Jan 21, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

  • CVE-2015-0383Jan 21, 2015
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

Page 31 of 40