VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2019-13117MedJul 1, 2019
    risk 0.28cvss 5.3epss 0.06

    In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

  • CVE-2017-17094MedDec 2, 2017
    risk 0.28cvss 5.4epss 0.02

    wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

  • CVE-2017-17093MedDec 2, 2017
    risk 0.28cvss 5.4epss 0.02

    wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.

  • CVE-2017-17092MedDec 2, 2017
    risk 0.28cvss 5.4epss 0.04

    wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.

  • CVE-2017-16804MedNov 13, 2017
    risk 0.28cvss 4.3epss 0.02

    In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

  • CVE-2017-5119MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5118MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2017-5109MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

  • CVE-2017-5103MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5102MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2016-6794MedAug 10, 2017
    risk 0.28cvss 5.3epss 0.07

    When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement…

  • CVE-2017-3651MedAug 8, 2017
    risk 0.28cvss 4.3epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2017-10081MedAug 8, 2017
    risk 0.28cvss 4.3epss 0.02

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2017-5046MedApr 24, 2017
    risk 0.28cvss 4.3epss 0.01

    V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.

  • CVE-2017-5033MedApr 24, 2017
    risk 0.28cvss 4.3epss 0.01

    Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the…

  • CVE-2017-3464MedApr 24, 2017
    risk 0.28cvss 4.3epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…

  • CVE-2017-6817MedMar 12, 2017
    risk 0.28cvss 5.4epss 0.02

    In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

  • CVE-2017-6814MedMar 12, 2017
    risk 0.28cvss 5.4epss 0.03

    In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in…

  • CVE-2017-5610MedJan 30, 2017
    risk 0.28cvss 5.3epss 0.05

    wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.

  • CVE-2016-4428MedJul 12, 2016
    risk 0.28cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Page 90 of 151