VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,621)

  • CVE-2016-1837MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.04

    Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial…

  • CVE-2016-1836MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.04

    Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1833MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.03

    The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2014-3690MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system…

  • CVE-2014-3647MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3646MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.00

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2011-4097MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.00

    Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.

  • CVE-2011-3637MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.00

    The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.

  • CVE-2026-11785MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

  • CVE-2026-2272MedMar 26, 2026
    risk 0.28cvss 4.3epss 0.01

    A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer…

  • CVE-2023-5868MedDec 10, 2023
    risk 0.28cvss 4.3epss 0.03

    A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can…

  • CVE-2023-6121MedNov 16, 2023
    risk 0.28cvss 4.3epss 0.02

    An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the…

  • CVE-2017-5118MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2017-5109MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

  • CVE-2017-5103MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5102MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5083MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

  • CVE-2017-5079MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

  • CVE-2017-5075MedOct 27, 2017
    risk 0.28cvss 4.3epss 0.01

    Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.

  • CVE-2016-6794MedAug 10, 2017
    risk 0.28cvss 5.3epss 0.07

    When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement…

Page 41 of 82