VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2017-1000363HigJul 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the…

  • CVE-2017-9994HigJun 28, 2017
    risk 0.51cvss 7.8epss 0.02

    libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…

  • CVE-2017-9776HigJun 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2017-9780HigJun 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable…

  • CVE-2017-4966HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management…

  • CVE-2017-9527HigJun 11, 2017
    risk 0.51cvss 7.8epss 0.01

    The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

  • CVE-2017-9076HigMay 19, 2017
    risk 0.51cvss 7.8epss 0.00

    The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

  • CVE-2017-9075HigMay 19, 2017
    risk 0.51cvss 7.8epss 0.00

    The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

  • CVE-2017-7493HigMay 17, 2017
    risk 0.51cvss 7.8epss 0.00

    Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to…

  • CVE-2017-7487HigMay 14, 2017
    risk 0.51cvss 7.8epss 0.00

    The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.

  • CVE-2017-8890HigMay 10, 2017
    risk 0.51cvss 7.8epss 0.01

    The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

  • CVE-2017-8844HigMay 8, 2017
    risk 0.51cvss 7.8epss 0.02

    The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.

  • CVE-2017-5039HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5037HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5036HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

  • CVE-2017-8064HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other…

  • CVE-2017-7889HigApr 17, 2017
    risk 0.51cvss 7.8epss 0.00

    The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an…

  • CVE-2015-8666HigApr 11, 2017
    risk 0.51cvss 7.9epss 0.00

    Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

  • CVE-2017-6964HigMar 28, 2017
    risk 0.51cvss 7.8epss 0.00

    dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects…

  • CVE-2017-5510HigMar 24, 2017
    risk 0.51cvss 7.8epss 0.02

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Page 31 of 151