VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2015-6496 Aug 24, 2015
    risk 0.00 cvss epss 0.03

    conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.

  • CVE-2014-6272 Aug 24, 2015
    risk 0.00 cvss epss 0.02

    Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1)…

  • CVE-2015-3219 Aug 20, 2015
    risk 0.00 cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which…

  • CVE-2015-5523 Aug 11, 2015
    risk 0.00 cvss epss 0.04

    The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

  • CVE-2015-5522 Aug 11, 2015
    risk 0.00 cvss epss 0.05

    Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

  • CVE-2015-3636 Aug 6, 2015
    risk 0.00 cvss epss 0.02

    The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the…

  • CVE-2015-4167 Aug 5, 2015
    risk 0.00 cvss epss 0.00

    The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.

  • CVE-2015-3439 Aug 5, 2015
    risk 0.00 cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target…

  • CVE-2015-3438 Aug 5, 2015
    risk 0.00 cvss epss 0.08

    Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as…

  • CVE-2015-5623 Aug 3, 2015
    risk 0.00 cvss epss 0.09

    WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.

  • CVE-2015-5622 Aug 3, 2015
    risk 0.00 cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and…

  • CVE-2015-3440 Aug 3, 2015
    risk 0.00 cvss epss 0.18

    Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

  • CVE-2015-1289 Jul 23, 2015
    risk 0.00 cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-1288 Jul 23, 2015
    risk 0.00 cvss epss 0.01

    The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted…

  • CVE-2015-1287 Jul 23, 2015
    risk 0.00 cvss epss 0.01

    Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted…

  • CVE-2015-1286 Jul 23, 2015
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a…

  • CVE-2015-1285 Jul 23, 2015
    risk 0.00 cvss epss 0.01

    The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an…

  • CVE-2015-1282 Jul 23, 2015
    risk 0.00 cvss epss 0.02

    Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1)…

  • CVE-2015-1281 Jul 23, 2015
    risk 0.00 cvss epss 0.02

    core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.

  • CVE-2015-1280 Jul 23, 2015
    risk 0.00 cvss epss 0.02

    SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
