VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2016-1678HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted…

  • CVE-2016-1675HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

  • CVE-2016-1673HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-3710HigMay 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

  • CVE-2016-3718MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.77

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.75

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2016-1655HigApr 18, 2016
    risk 0.57cvss 8.8epss 0.02

    Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

  • CVE-2016-1653HigApr 18, 2016
    risk 0.57cvss 8.8epss 0.03

    The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write…

  • CVE-2016-3679HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1649HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.03

    The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified…

  • CVE-2016-1647HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have…

  • CVE-2016-2330HigFeb 12, 2016
    risk 0.57cvss 8.8epss 0.03

    libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image,…

  • CVE-2016-2326HigFeb 12, 2016
    risk 0.57cvss 8.8epss 0.03

    Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

  • CVE-2014-1497HigMar 19, 2014
    risk 0.57cvss 8.8epss 0.03

    The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service…

  • CVE-2011-2690HigJul 17, 2011
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary…

  • CVE-2010-2943HigSep 30, 2010
    risk 0.57cvss 8.1epss 0.17

    The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were…

  • CVE-2010-1773HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application…

  • CVE-2010-1772HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to…

  • CVE-2008-2934HigJul 18, 2008
    risk 0.57cvss 8.8epss 0.04

    Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

  • CVE-2008-0166HigMay 13, 2008
    risk 0.57cvss 7.5epss 0.71

    OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Page 9 of 95