VYPR

Linux

by Oracle Corporation

CVEs (223)

  • CVE-2016-1954HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a…

  • CVE-2016-1952HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-1779HigJan 12, 2016
    risk 0.56cvss 8.6epss 0.07

    The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

  • CVE-2016-4997HigJul 3, 2016
    risk 0.54cvss 7.8epss 0.06

    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a…

  • CVE-2016-0778HigJan 14, 2016
    risk 0.54cvss 8.1epss 0.20

    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a…

  • CVE-2016-3477HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.00

    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to…

  • CVE-2016-5386HigJul 19, 2016
    risk 0.53cvss 8.1epss 0.05

    The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to…

  • CVE-2016-4555HigMay 10, 2016
    risk 0.53cvss 7.5epss 0.54

    client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

  • CVE-2016-1714HigApr 7, 2016
    risk 0.53cvss 8.1epss 0.06

    The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access…

  • CVE-2016-6302HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.26

    The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

  • CVE-2016-2181HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.23

    The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records,…

  • CVE-2016-2179HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.27

    The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions…

  • CVE-2016-5126HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-4951HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit…

  • CVE-2016-4913HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via…

  • CVE-2016-4805HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to…

  • CVE-2016-4556HigMay 10, 2016
    risk 0.51cvss 7.5epss 0.23

    Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

  • CVE-2016-5388HigJul 19, 2016
    risk 0.50cvss 8.1epss 0.51

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote…

  • CVE-2015-7701HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2015-7692HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.07

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Page 4 of 12