VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2016-2821HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by…

  • CVE-2016-1691HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and…

  • CVE-2016-1683HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

  • CVE-2016-3075HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.07

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

  • CVE-2016-4580HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.04

    The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.

  • CVE-2016-4558HigMay 23, 2016
    risk 0.49cvss 7.0epss 0.01

    The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to…

  • CVE-2016-4485HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.05

    The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

  • CVE-2015-8867HigMay 22, 2016
    risk 0.49cvss 7.5epss 0.04

    The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2016-3705HigMay 17, 2016
    risk 0.49cvss 7.5epss 0.05

    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted…

  • CVE-2016-3627HigMay 17, 2016
    risk 0.49cvss 7.5epss 0.07

    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

  • CVE-2016-4476HigMay 9, 2016
    risk 0.49cvss 7.5epss 0.03

    hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

  • CVE-2015-8806HigApr 13, 2016
    risk 0.49cvss 7.5epss 0.05

    dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

  • CVE-2015-3146HigApr 13, 2016
    risk 0.49cvss 7.5epss 0.04

    The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

  • CVE-2016-2381HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.09

    Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

  • CVE-2016-1285MedMar 9, 2016
    risk 0.49cvss 6.8epss 0.59

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka…

  • CVE-2016-0773HigFeb 17, 2016
    risk 0.49cvss 7.5epss 0.07

    PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

  • CVE-2015-8467HigDec 29, 2015
    risk 0.49cvss 7.5epss 0.03

    The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote…

  • CVE-2015-7540HigDec 29, 2015
    risk 0.49cvss 7.5epss 0.07

    The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

  • CVE-2015-6855HigNov 6, 2015
    risk 0.49cvss 7.5epss 0.04

    hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty…

  • CVE-2015-7236HigOct 1, 2015
    risk 0.49cvss 7.5epss 0.06

    Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

Page 18 of 95