VYPR

linux

by Debian

CVEs (3,015)

  • CVE-2015-2788 (Apr 14, 2015)
    risk 0.00 | cvss | epss 0.04

    Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.

  • CVE-2015-2782 (Apr 8, 2015)
    risk 0.00 | cvss | epss 0.06

    Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

  • CVE-2015-2756 (Apr 1, 2015)
    risk 0.00 | cvss | epss 0.00

    QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express…

  • CVE-2014-9713 (Apr 1, 2015)
    risk 0.00 | cvss | epss 0.02

    The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

  • CVE-2015-2776 (Mar 31, 2015)
    risk 0.00 | cvss | epss 0.02

    The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.

  • CVE-2015-2754 (Mar 31, 2015)
    risk 0.00 | cvss | epss 0.03

    FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."

  • CVE-2015-2753 (Mar 31, 2015)
    risk 0.00 | cvss | epss 0.03

    FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

  • CVE-2015-2684 (Mar 31, 2015)
    risk 0.00 | cvss | epss 0.02

    Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

  • CVE-2015-0838 (Mar 31, 2015)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

  • CVE-2014-9706 (Mar 31, 2015)
    risk 0.00 | cvss | epss 0.05

    The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

  • CVE-2014-9653 (Mar 30, 2015)
    risk 0.00 | cvss | epss 0.05

    readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service…

  • CVE-2015-2157 (Mar 27, 2015)
    risk 0.00 | cvss | epss 0.01

    The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

  • CVE-2015-2559 (Mar 25, 2015)
    risk 0.00 | cvss | epss 0.02

    Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

  • CVE-2015-2317 (Mar 25, 2015)
    risk 0.00 | cvss | epss 0.05

    The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as…

  • CVE-2015-0252 (Mar 24, 2015)
    risk 0.00 | cvss | epss 0.40

    internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

  • CVE-2015-1803 (Mar 20, 2015)
    risk 0.00 | cvss | epss 0.05

    The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and…

  • CVE-2015-1421 (Mar 16, 2015)
    risk 0.00 | cvss | epss 0.10

    Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision…

  • CVE-2015-1420 (Mar 16, 2015)
    risk 0.00 | cvss | epss 0.00

    Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the…

  • CVE-2014-8159 (Mar 16, 2015)
    risk 0.00 | cvss | epss 0.00

    The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and…

  • CVE-2015-1782 (Mar 13, 2015)
    risk 0.00 | cvss | epss 0.04

    The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
