Resolved Bugs
1227243 – CVE-2015-0848, CVE-2015-4588 libwmf: heap overflow when decoding BMP images
1227244 – CVE-2015-0848 libwmf: heap overflow when decoding BMP images [fedora-all]
CVE-2015-0848 Heap overflow
CVE-2015-4588 RLE decoding doesn’t check that the “count” fits into the image
CVE-2015-4695 meta_pen_create heap buffer overflow
CVE-2015-4696 wmf2gd/wmf2eps use after free
CVE-2015-0848 heap overflow when decoding BMP images
CVE-2015-0848 libwmf: heap overflow when decoding BMP images
Monthly Archives: June 2015
WordPress Nextend Twitter Connect 1.5.1 Cross Site Scripting
WordPress Nextend Twitter Connect plugin version 1.5.1 suffers from a cross site scripting vulnerability.
Fedora 21 Security Update: libwmf-0.2.8.4-45.fc21
CVE-2015-0848 Heap overflow
CVE-2015-4588 RLE decoding doesn’t check that the “count” fits into the image
CVE-2015-4695 meta_pen_create heap buffer overflow
CVE-2015-4696 wmf2gd/wmf2eps use after free
Fedora 20 Security Update: ecryptfs-utils-106-1.fc20
Fedora 21 Security Update: ecryptfs-utils-106-1.fc21
CVE-2014-4875 (chec)
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
CVE-2015-2308 (symfony)
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
CVE-2015-3109 (photoshop_cc)
Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-3110 (bridge, photoshop_cc)
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-3112 (bridge, photoshop_cc)
Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.