VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,622)

  • CVE-2017-10109MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows…

  • CVE-2017-10108MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows…

  • CVE-2017-10053MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2015-8896MedMar 15, 2017
    risk 0.35cvss 6.5epss 0.03

    Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

  • CVE-2016-1694MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

  • CVE-2016-1693MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack…

  • CVE-2016-1692MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same…

  • CVE-2015-3412MedMay 16, 2016
    risk 0.35cvss 5.3epss 0.04

    PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in…

  • CVE-2013-0375MedJan 17, 2013
    risk 0.35cvss 5.4epss 0.02

    Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

  • CVE-2011-3363MedMay 24, 2012
    risk 0.35cvss 6.5epss 0.01

    The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

  • CVE-2025-32989MedJul 10, 2025
    risk 0.34cvss 5.3epss 0.01

    A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT…

  • CVE-2023-4693MedOct 25, 2023
    risk 0.34cvss 5.3epss 0.01

    An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI…

  • CVE-2023-4155MedSep 13, 2023
    risk 0.34cvss 5.3epss 0.00

    A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the…

  • CVE-2017-3636MedAug 8, 2017
    risk 0.34cvss 5.3epss 0.00

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2026-6845MedApr 22, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw…

  • CVE-2026-40917MedApr 15, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure…

  • CVE-2026-40916MedApr 15, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when…

  • CVE-2026-5704MedApr 6, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce…

  • CVE-2026-1940MedMar 23, 2026
    risk 0.33cvss 5.1epss 0.00

    An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd…

  • CVE-2023-40551MedJan 29, 2024
    risk 0.33cvss 5.1epss 0.00

    A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

Page 38 of 82