VYPR

linux

by Debian

CVEs (3,007)

  • CVE-2017-5043 | High | Apr 24, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5029 | High | Apr 24, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to…

  • CVE-2016-10195 | Critical | Mar 15, 2017
    risk 0.57 | cvss 9.8 | epss 0.07

    The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.

  • CVE-2016-8714 | High | Mar 10, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this…

  • CVE-2017-5946 | Critical | Feb 27, 2017
    risk 0.57 | cvss 9.8 | epss 0.03

    The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

  • CVE-2016-1245 | Critical | Feb 22, 2017
    risk 0.57 | cvss 9.8 | epss 0.04

    It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

  • CVE-2016-8677 | High | Feb 15, 2017
    risk 0.57 | cvss 8.8 | epss 0.04

    The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.

  • CVE-2017-5611 | Critical | Jan 30, 2017
    risk 0.57 | cvss 9.8 | epss 0.10

    SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

  • CVE-2016-10160 | Critical | Jan 24, 2017
    risk 0.57 | cvss 9.8 | epss 0.07

    Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

  • CVE-2013-1430 | Critical | Dec 16, 2016
    risk 0.57 | cvss 9.8 | epss 0.01

    An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.

  • CVE-2015-8871 | Critical | Sep 21, 2016
    risk 0.57 | cvss 9.8 | epss 0.03

    Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-6211 | High | Sep 9, 2016
    risk 0.57 | cvss 8.8 | epss 0.03

    The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

  • CVE-2015-8949 | Critical | Aug 19, 2016
    risk 0.57 | cvss 9.8 | epss 0.04

    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

  • CVE-2014-9906 | Critical | Aug 19, 2016
    risk 0.57 | cvss 9.8 | epss 0.06

    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

  • CVE-2016-5131 | High | Jul 23, 2016
    risk 0.57 | cvss 8.8 | epss 0.02

    Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

  • CVE-2016-5387 | High | Jul 19, 2016
    risk 0.57 | cvss 8.1 | epss 0.56

    The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP…

  • CVE-2016-5385 | High | Jul 19, 2016
    risk 0.57 | cvss 8.1 | epss 0.50

    PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an…

  • CVE-2016-2831 | High | Jun 13, 2016
    risk 0.57 | cvss 8.8 | epss 0.01

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

  • CVE-2016-2828 | High | Jun 13, 2016
    risk 0.57 | cvss 8.8 | epss 0.03

    Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

  • CVE-2016-1703 | High | Jun 5, 2016
    risk 0.57 | cvss 8.8 | epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
