Security Vulnerabilities
- CVEs Published In November 2017
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
In SWFTools, an address access exception was found in swfdump swf_GetBits().
In SWFTools, a memcpy buffer overflow was found in swfc.
In SWFTools, a memory leak was found in wav2swf.
In SWFTools, a memcpy buffer overflow was found in gif2swf.
In SWFTools, a stack overflow was found in pdf2swf.
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()