VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2022-0204HigMar 10, 2022
    risk 0.50cvss 8.8epss 0.02

    A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

  • CVE-2020-11112HigMar 31, 2020
    risk 0.50cvss 8.8epss 0.04

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

  • CVE-2017-15275HigNov 27, 2017
    risk 0.50cvss 7.5epss 0.21

    Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

  • CVE-2017-16227HigOct 29, 2017
    risk 0.50cvss 7.5epss 0.19

    The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid…

  • CVE-2015-5395HigSep 20, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

  • CVE-2017-10661HigAug 19, 2017
    risk 0.50cvss 7.0epss 0.13

    Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

  • CVE-2015-7704HigAug 7, 2017
    risk 0.50cvss 7.5epss 0.11

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

  • CVE-2016-8743HigJul 27, 2017
    risk 0.50cvss 7.5epss 0.13

    Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or…

  • CVE-2017-11173HigJul 13, 2017
    risk 0.50cvss 8.8epss 0.02

    Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then…

  • CVE-2017-9993HigJun 28, 2017
    risk 0.50cvss 7.5epss 0.16

    FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

  • CVE-2017-9064HigMay 18, 2017
    risk 0.50cvss 8.8epss 0.02

    In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

  • CVE-2017-3309HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…

  • CVE-2017-3308HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…

  • CVE-2015-8567HigApr 13, 2017
    risk 0.50cvss 7.7epss 0.06

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2016-1516HigApr 10, 2017
    risk 0.50cvss 8.8epss 0.02

    OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

  • CVE-2016-5420HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

  • CVE-2016-5419HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

  • CVE-2016-4463HigJul 8, 2016
    risk 0.50cvss 7.5epss 0.14

    Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.

  • CVE-2016-4447HigJun 9, 2016
    risk 0.50cvss 7.5epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-4450HigJun 7, 2016
    risk 0.50cvss 7.5epss 0.16

    os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

Page 35 of 151