VYPR

linux

by Debian

CVEs (3,015)

  • CVE-2017-14928 | Med | Sep 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

  • CVE-2017-14926 | Med | Sep 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

  • CVE-2017-14864 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14862 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14859 | Med | Sep 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14737 | Med | Sep 26, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived…

  • CVE-2017-14121 | Med | Sep 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

  • CVE-2017-13672 | Med | Sep 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

  • CVE-2017-13760 | Med | Aug 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

  • CVE-2017-13756 | Med | Aug 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.

  • CVE-2017-13755 | Med | Aug 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.

  • CVE-2017-3735 | Med | Aug 28, 2017
    risk 0.36 | cvss 5.3 | epss 0.18

    While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and…

  • CVE-2017-10806 | Med | Aug 2, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.

  • CVE-2017-11733 | Med | Jul 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-11732 | Med | Jul 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-11434 | Med | Jul 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.

  • CVE-2017-9929 | Med | Jun 26, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9928 | Med | Jun 26, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9868 | Med | Jun 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

  • CVE-2017-9865 | Med | Jun 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
