VYPR

linux

by Debian


CVEs (3,015)

  • CVE-2015-7558 · High · May 20, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

  • CVE-2016-3705 · High · May 17, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted…

  • CVE-2016-3627 · High · May 17, 2016
    risk 0.49 · cvss 7.5 · epss 0.07

    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

  • CVE-2016-3993 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

  • CVE-2014-9771 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.

  • CVE-2014-9764 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.

  • CVE-2014-9763 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.

  • CVE-2014-9762 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.

  • CVE-2011-5326 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.

  • CVE-2016-2849 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

  • CVE-2016-2194 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

  • CVE-2015-7827 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

  • CVE-2015-5727 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

  • CVE-2015-5726 · High · May 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

  • CVE-2015-8806 · High · Apr 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

  • CVE-2015-3146 · High · Apr 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

  • CVE-2015-8080 · High · Apr 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2016-3163 · High · Apr 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

  • CVE-2015-8702 · High · Apr 12, 2016
    risk 0.49 · cvss 8.6 · epss 0.02

    The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

  • CVE-2012-6700 · High · Apr 11, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
