VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2017-6056HigFeb 17, 2017
    risk 0.49cvss 7.5epss 0.07

    It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not…

  • CVE-2016-2147HigFeb 9, 2017
    risk 0.49cvss 7.5epss 0.08

    Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

  • CVE-2016-6352HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.04

    The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

  • CVE-2016-7162HigSep 26, 2016
    risk 0.49cvss 7.5epss 0.03

    The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

  • CVE-2015-8930HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

  • CVE-2015-8919HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.05

    The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

  • CVE-2015-8917HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

  • CVE-2016-6262HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.07

    idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

  • CVE-2016-6261HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.04

    The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

  • CVE-2016-6128HigAug 7, 2016
    risk 0.49cvss 7.5epss 0.07

    The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

  • CVE-2016-6232HigAug 2, 2016
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

  • CVE-2016-4998HigJul 3, 2016
    risk 0.49cvss 7.1epss 0.02

    The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access…

  • CVE-2015-8899HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.02

    Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

  • CVE-2016-5300HigJun 16, 2016
    risk 0.49cvss 7.5epss 0.07

    The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-4579HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

  • CVE-2016-4574HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-4356HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.

  • CVE-2016-4355HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

  • CVE-2016-4354HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

  • CVE-2016-4353HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

Page 17 of 95