FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file. Date published : 2017-07-23 http://www.debian.org/security/2017/dsa-3958 https://github.com/fontforge/fontforge/issues/3091
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c. Date published...
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 http://www.debian.org/security/2017/dsa-3958 https://github.com/fontforge/fontforge/issues/3090
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 https://github.com/fontforge/fontforge/issues/3098
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 http://www.debian.org/security/2017/dsa-3958 https://github.com/fontforge/fontforge/issues/3092
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 http://www.debian.org/security/2017/dsa-3958 https://github.com/fontforge/fontforge/issues/3087
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 https://github.com/fontforge/fontforge/issues/3097
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 http://www.debian.org/security/2017/dsa-3958 https://github.com/fontforge/fontforge/issues/3093
FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. Date published : 2017-07-23 http://www.debian.org/security/2017/dsa-3958 https://github.com/fontforge/fontforge/issues/3089
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the...
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. Date published : 2017-07-22 https://github.com/atutor/ATutor/releases/tag/atutor_2_2_2 https://www.htbridge.com/advisory/HTB23297
A hard-coded account named ‘upgrade’ in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with ‘upgrade’ account privileges. Date published : 2017-07-22 http://www.securityfocus.com/bid/99351 https://fortiguard.com/advisory/FG-IR-17-115
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. Date...
Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. Date published : 2017-07-22 http://www.securityfocus.com/bid/99899 https://www.kb.cert.org/vuls/id/586501