VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2017-4965MedJun 13, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in…

  • CVE-2017-5045MedApr 24, 2017
    risk 0.40cvss 6.1epss 0.01

    XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.

  • CVE-2017-5938MedMar 15, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

  • CVE-2016-9119MedJan 30, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-6316MedSep 7, 2016
    risk 0.40cvss 6.1epss 0.03

    Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag…

  • CVE-2016-3992MedJul 26, 2016
    risk 0.40cvss 6.2epss 0.00

    cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

  • CVE-2016-1682MedJun 5, 2016
    risk 0.40cvss 6.1epss 0.01

    The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via…

  • CVE-2016-1236MedMay 11, 2016
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.

  • CVE-2016-4561MedMay 10, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

  • CVE-2016-0640MedApr 21, 2016
    risk 0.40cvss 6.1epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

  • CVE-2016-1652MedApr 18, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web…

  • CVE-2016-2511MedApr 7, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.

  • CVE-2014-1530MedApr 30, 2014
    risk 0.40cvss 6.1epss 0.02

    The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks,…

  • CVE-2024-26894MedApr 17, 2024
    risk 0.39cvss 6.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object…

  • CVE-2023-48795MedDec 18, 2023
    risk 0.39cvss 5.9epss 0.93

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2021-45105MedDec 18, 2021
    risk 0.39cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2020-1971MedDec 8, 2020
    risk 0.39cvss 5.9epss 0.07

    The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This…

  • CVE-2019-11840MedMay 9, 2019
    risk 0.39cvss 5.9epss 0.03

    An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256…

  • CVE-2017-3738MedDec 7, 2017
    risk 0.39cvss 5.9epss 0.13

    There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not…

  • CVE-2017-12613HigOct 24, 2017
    risk 0.39cvss 7.1epss 0.02

    When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a…

Page 63 of 151