VYPR

linux

by Debian

Source repositories

CVEs (3,015)

  • CVE-2008-0226Jan 10, 2008
    risk 0.10cvss epss 0.92

    Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

  • CVE-2006-3918Jul 28, 2006
    risk 0.10cvss epss 0.94

    http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which…

  • CVE-2015-1592Feb 19, 2015
    risk 0.09cvss epss 0.75

    Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via…

  • CVE-2011-3389Sep 6, 2011
    risk 0.09cvss epss 0.73

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to…

  • CVE-2011-0762Mar 2, 2011
    risk 0.09cvss epss 0.73

    The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability…

  • CVE-2010-2063Jun 17, 2010
    risk 0.09cvss epss 0.79

    Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted…

  • CVE-2009-4484Dec 30, 2009
    risk 0.09cvss epss 0.70

    Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to…

  • CVE-2008-1105May 29, 2008
    risk 0.09cvss epss 0.69

    Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

  • CVE-2007-5365Oct 11, 2007
    risk 0.09cvss epss 0.80

    Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request…

  • CVE-2005-1921Jul 5, 2005
    risk 0.09cvss epss 0.79

    Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7)…

  • CVE-2001-0925Mar 12, 2001
    risk 0.09cvss epss 0.75

    The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2)…

  • CVE-2013-4074Jun 9, 2013
    risk 0.08cvss epss 0.61

    The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service…

  • CVE-2009-2629Sep 15, 2009
    risk 0.08cvss epss 0.67

    Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

  • CVE-2004-0964Feb 9, 2005
    risk 0.08cvss epss 0.63

    Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.

  • CVE-2011-0997Apr 8, 2011
    risk 0.07cvss epss 0.84

    dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is…

  • CVE-2004-0594Jul 27, 2004
    risk 0.07cvss epss 0.55

    The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function…

  • CVE-2001-0136Mar 12, 2001
    risk 0.07cvss epss 0.45

    Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

  • CVE-1999-0046Feb 6, 1997
    risk 0.07cvss epss 0.53

    Buffer overflow of rlogin program using TERM environmental variable.

  • CVE-2014-8601Dec 10, 2014
    risk 0.06cvss epss 0.74

    PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.

  • CVE-2001-0554Aug 14, 2001
    risk 0.06cvss epss 0.38

    Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Page 94 of 151