Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-9659

Exploit
  • EPSS 2.87%
  • Veröffentlicht 08.02.2015 11:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer o...

7.5

CVE-2014-9658

Exploit
  • EPSS 1.52%
  • Veröffentlicht 08.02.2015 11:59:20
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a craft...

7.5

CVE-2014-9657

Exploit
  • EPSS 1.52%
  • Veröffentlicht 08.02.2015 11:59:19
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a cr...

7.5

CVE-2014-9656

Exploit
  • EPSS 2.46%
  • Veröffentlicht 08.02.2015 11:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impa...

5

CVE-2014-9636

  • EPSS 65.04%
  • Veröffentlicht 06.02.2015 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

7.5

CVE-2015-1462

  • EPSS 1.14%
  • Veröffentlicht 03.02.2015 16:59:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

5

CVE-2015-1463

  • EPSS 1.88%
  • Veröffentlicht 03.02.2015 16:59:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

7.5

CVE-2015-1461

  • EPSS 1.14%
  • Veröffentlicht 03.02.2015 16:59:33
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

4.3

CVE-2015-1433

Exploit
  • EPSS 0.59%
  • Veröffentlicht 03.02.2015 16:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

7.5

CVE-2014-9328

  • EPSS 6.07%
  • Veröffentlicht 03.02.2015 16:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."