VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2015-5345MedFeb 25, 2016
    risk 0.29cvss 5.3epss 0.18

    The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that…

  • CVE-2015-5174MedFeb 25, 2016
    risk 0.29cvss 4.3epss 0.13

    Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a…

  • CVE-2014-8559MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

  • CVE-2014-3690MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system…

  • CVE-2014-3647MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3646MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.00

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3610MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest…

  • CVE-2014-7975MedOct 13, 2014
    risk 0.29cvss 5.5epss 0.00

    The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making…

  • CVE-2014-7970MedOct 13, 2014
    risk 0.29cvss 5.5epss 0.01

    The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the…

  • CVE-2012-0879MedMay 17, 2012
    risk 0.29cvss 5.5epss 0.00

    The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

  • CVE-2019-13117MedJul 1, 2019
    risk 0.28cvss 5.3epss 0.06

    In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

  • CVE-2016-6794MedAug 10, 2017
    risk 0.28cvss 5.3epss 0.07

    When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement…

  • CVE-2016-2832MedJun 13, 2016
    risk 0.28cvss 4.3epss 0.01

    Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

  • CVE-2016-0706MedFeb 25, 2016
    risk 0.28cvss 4.3epss 0.06

    Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass…

  • CVE-2016-0668MedApr 21, 2016
    risk 0.27cvss 4.1epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

  • CVE-2017-9117MedMay 21, 2017
    risk 0.26cvss 4.0epss 0.02

    In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not…

  • CVE-2016-2188MedMay 2, 2016
    risk 0.26cvss 4.6epss 0.02

    The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2015-8839MedMay 2, 2016
    risk 0.26cvss 5.1epss 0.00

    Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault…

  • CVE-2016-2184MedApr 27, 2016
    risk 0.26cvss 4.6epss 0.02

    The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value…

  • CVE-2016-4486LowMay 23, 2016
    risk 0.25cvss 3.3epss 0.02

    The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Page 36 of 95