VYPR

linux

by Debian

CVEs (3,015)

  • CVE-2026-3497 | High | Mar 12, 2026
    risk 0.49 | cvss 7.5 | epss 0.02

    Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does…

  • CVE-2025-26465 | Medium | Feb 18, 2025
    risk 0.49 | cvss 6.8 | epss 0.07

    A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when…

  • CVE-2023-5363 | High | Oct 25, 2023
    risk 0.49 | cvss 7.5 | epss 0.03

    Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness,…

  • CVE-2022-27775 | High | Jun 2, 2022
    risk 0.49 | cvss 7.5 | epss 0.03

    An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead.

  • CVE-2022-21476 | High | Apr 19, 2022
    risk 0.49 | cvss 7.5 | epss 0.04

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2.…

  • CVE-2022-24763 | High | Mar 30, 2022
    risk 0.49 | cvss 7.5 | epss 0.02

    PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known…

  • CVE-2020-27153 | High | Oct 15, 2020
    risk 0.49 | cvss 8.6 | epss 0.04

    In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

  • CVE-2020-11022 | Medium | Apr 29, 2020
    risk 0.49 | cvss 6.9 | epss 0.99

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2007-5743 | High | Nov 7, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

  • CVE-2018-17958 | High | Oct 9, 2018
    risk 0.49 | cvss 7.5 | epss 0.06

    Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

  • CVE-2018-9989 | High | Apr 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

  • CVE-2018-9988 | High | Apr 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

  • CVE-2017-17997 | High | Dec 30, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

  • CVE-2017-17935 | High | Dec 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted…

  • CVE-2017-17848 | High | Dec 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing…

  • CVE-2017-17847 | High | Dec 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message…

  • CVE-2017-17846 | High | Dec 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

  • CVE-2017-17783 | High | Dec 20, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.

  • CVE-2017-1000410 | High | Dec 7, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their…

  • CVE-2017-17439 | High | Dec 6, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault.…
