linux

by Debian

CVEs (3,008)

  • CVE-2017-15924 | High | Oct 27, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.

  • CVE-2013-6049 | High | Oct 20, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-13723 | High | Oct 10, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via…

  • CVE-2017-1000111 | High | Oct 5, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with…

  • CVE-2017-14497 | High | Sep 15, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system…

  • CVE-2017-2870 | High | Sep 5, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger…

  • CVE-2017-2862 | High | Sep 5, 2017
    risk 0.51 | cvss 7.8 | epss 0.05

    An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this…

  • CVE-2017-12136 | High | Aug 24, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

  • CVE-2017-11714 | High | Jul 28, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds…

  • CVE-2017-9835 | High | Jul 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a…

  • CVE-2017-9739 | High | Jul 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9727 | High | Jul 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9726 | High | Jul 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9612 | High | Jul 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9611 | High | Jul 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-7980 | High | Jul 25, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

  • CVE-2017-1000363 | High | Jul 17, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the…

  • CVE-2017-9994 | High | Jun 28, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…

  • CVE-2017-9776 | High | Jun 22, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2017-9780 | High | Jun 21, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable…
