VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2014-3564Oct 20, 2014
    risk 0.00cvss epss 0.04

    Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line…

  • CVE-2014-3686Oct 16, 2014
    risk 0.00cvss epss 0.05

    wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

  • CVE-2014-1829Oct 15, 2014
    risk 0.00cvss epss 0.02

    Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

  • CVE-2014-5270Oct 10, 2014
    risk 0.00cvss epss 0.01

    Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage…

  • CVE-2014-7204Oct 7, 2014
    risk 0.00cvss epss 0.04

    jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

  • CVE-2014-6054Oct 6, 2014
    risk 0.00cvss epss 0.06

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2)…

  • CVE-2014-7155Oct 2, 2014
    risk 0.00cvss epss 0.01

    The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1)…

  • CVE-2014-7154Oct 2, 2014
    risk 0.00cvss epss 0.01

    Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

  • CVE-2014-6055Sep 30, 2014
    risk 0.00cvss epss 0.08

    Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3)…

  • CVE-2014-6051Sep 30, 2014
    risk 0.00cvss epss 0.08

    Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer…

  • CVE-2014-3169Aug 27, 2014
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs…

  • CVE-2014-3168Aug 27, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

  • CVE-2014-0481Aug 26, 2014
    risk 0.00cvss epss 0.02

    The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote…

  • CVE-2014-5266Aug 18, 2014
    risk 0.00cvss epss 0.24

    The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a…

  • CVE-2014-5265Aug 18, 2014
    risk 0.00cvss epss 0.03

    The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU…

  • CVE-2014-5240Aug 18, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

  • CVE-2014-5204Aug 18, 2014
    risk 0.00cvss epss 0.02

    wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

  • CVE-2014-4344Aug 14, 2014
    risk 0.00cvss epss 0.07

    The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation…

  • CVE-2014-4343Aug 14, 2014
    risk 0.00cvss epss 0.06

    Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute…

  • CVE-2014-3167Aug 13, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Page 121 of 151