VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2016-6351MedSep 7, 2016
    risk 0.44cvss 6.7epss 0.00

    The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU…

  • CVE-2014-9904HigJun 27, 2016
    risk 0.44cvss 7.8epss 0.00

    The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have…

  • CVE-2016-4439MedMay 20, 2016
    risk 0.44cvss 6.7epss 0.00

    The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially…

  • CVE-2016-1840HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.03

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2016-1834HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.05

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2015-8325HigMay 1, 2016
    risk 0.44cvss 7.8epss 0.01

    The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the…

  • CVE-2016-2143HigApr 27, 2016
    risk 0.44cvss 7.8epss 0.01

    The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to…

  • CVE-2016-0774MedApr 27, 2016
    risk 0.44cvss 6.8epss 0.00

    The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the…

  • CVE-2016-2774MedMar 9, 2016
    risk 0.44cvss 5.9epss 0.74

    ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

  • CVE-2016-2270MedFeb 19, 2016
    risk 0.44cvss 6.8epss 0.01

    Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

  • CVE-2014-8369HigNov 10, 2014
    risk 0.44cvss 7.8epss 0.01

    The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified…

  • CVE-2020-8285HigDec 14, 2020
    risk 0.43cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2016-10708HigJan 21, 2018
    risk 0.43cvss 7.5epss 0.16

    sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

  • CVE-2017-1000385MedDec 12, 2017
    risk 0.43cvss 5.9epss 0.22

    The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

  • CVE-2017-15099MedNov 22, 2017
    risk 0.43cvss 6.5epss 0.06

    INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT…

  • CVE-2017-16541MedNov 4, 2017
    risk 0.43cvss 6.5epss 0.04

    Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

  • CVE-2017-16533MedNov 4, 2017
    risk 0.43cvss 6.6epss 0.00

    The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-16532MedNov 4, 2017
    risk 0.43cvss 6.6epss 0.00

    The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-16529MedNov 4, 2017
    risk 0.43cvss 6.6epss 0.00

    The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-16527MedNov 4, 2017
    risk 0.43cvss 6.6epss 0.00

    sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

Page 51 of 151