VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2014-4978MedDec 29, 2017
    risk 0.29cvss 5.5epss 0.00

    The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.

  • CVE-2014-9637MedAug 25, 2017
    risk 0.29cvss 5.5epss 0.02

    GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

  • CVE-2015-5221MedJul 25, 2017
    risk 0.29cvss 5.5epss 0.02

    Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2015-4645MedMar 17, 2017
    risk 0.29cvss 5.5epss 0.03

    Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

  • CVE-2015-3192MedJul 12, 2016
    risk 0.29cvss 5.5epss 0.03

    Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

  • CVE-2012-1146MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.01

    The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash)…

  • CVE-2019-16910MedSep 26, 2019
    risk 0.28cvss 5.3epss 0.02

    Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times.…

  • CVE-2019-13117MedJul 1, 2019
    risk 0.28cvss 5.3epss 0.06

    In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

  • CVE-2016-2045MedFeb 20, 2016
    risk 0.28cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

  • CVE-2016-2044MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.02

    libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

  • CVE-2016-2043MedFeb 20, 2016
    risk 0.28cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

  • CVE-2016-2042MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.02

    phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

  • CVE-2016-2040MedFeb 20, 2016
    risk 0.28cvss 5.4epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname…

  • CVE-2016-2039MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.02

    libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

  • CVE-2016-2038MedFeb 20, 2016
    risk 0.28cvss 5.3epss 0.03

    phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

  • CVE-2016-1494MedJan 13, 2016
    risk 0.28cvss 5.3epss 0.07

    The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

  • CVE-2021-22925MedAug 5, 2021
    risk 0.27cvss 5.3epss 0.05

    curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized…

  • CVE-2015-1839MedApr 13, 2017
    risk 0.27cvss 5.3epss 0.00

    modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

  • CVE-2015-1838MedApr 13, 2017
    risk 0.27cvss 5.3epss 0.00

    modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

  • CVE-2016-3159LowApr 13, 2016
    risk 0.25cvss 3.8epss 0.00

    The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending…

Page 20 of 40