VYPR

Enterprise Linux Desktop

by Red Hat

CVEs (999)

  • CVE-2005-0750Mar 27, 2005
    risk 0.03cvss epss 0.01

    The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

  • CVE-2005-0736Mar 9, 2005
    risk 0.03cvss epss 0.02

    Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

  • CVE-2005-0156Feb 7, 2005
    risk 0.03cvss epss 0.01

    Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

  • CVE-2004-1073Jan 10, 2005
    risk 0.03cvss epss 0.01

    The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

  • CVE-2015-4026Jun 9, 2015
    risk 0.02cvss epss 0.20

    The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a…

  • CVE-2015-4025Jun 9, 2015
    risk 0.02cvss epss 0.20

    PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a…

  • CVE-2015-4022Jun 9, 2015
    risk 0.02cvss epss 0.21

    Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

  • CVE-2015-4021Jun 9, 2015
    risk 0.02cvss epss 0.21

    The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer…

  • CVE-2014-2497Mar 21, 2014
    risk 0.02cvss epss 0.22

    The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

  • CVE-2013-1896Jul 10, 2013
    risk 0.02cvss epss 0.29

    mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn…

  • CVE-2013-1862Jun 10, 2013
    risk 0.02cvss epss 0.25

    mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a…

  • CVE-2008-0456Jan 25, 2008
    risk 0.02cvss epss 0.19

    CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and…

  • CVE-2006-5752Jun 27, 2007
    risk 0.02cvss epss 0.28

    Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors…

  • CVE-2016-0505Jan 21, 2016
    risk 0.01cvss epss 0.08

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

  • CVE-2015-8327Dec 17, 2015
    risk 0.01cvss epss 0.10

    Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

  • CVE-2015-8241Dec 15, 2015
    risk 0.01cvss epss 0.07

    The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

  • CVE-2015-7499Dec 15, 2015
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

  • CVE-2015-3196Dec 6, 2015
    risk 0.01cvss epss 0.13

    ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double…

  • CVE-2015-7981Nov 24, 2015
    risk 0.01cvss epss 0.06

    The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

  • CVE-2015-8126Nov 13, 2015
    risk 0.01cvss epss 0.10

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application…

Page 28 of 50