VYPR

Vendor CVEs

Canonical

All CVEs

2,026 total · sorted by risk
  • CVE-2017-17810MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

  • CVE-2017-17788MedDec 20, 2017
    risk 0.36cvss 5.5epss 0.01

    In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

  • CVE-2017-17669MedDec 13, 2017
    risk 0.36cvss 5.5epss 0.02

    There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

  • CVE-2017-16611MedDec 1, 2017
    risk 0.36cvss 5.5epss 0.00

    In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

  • CVE-2017-17087MedDec 1, 2017
    risk 0.36cvss 5.5epss 0.00

    fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership,…

  • CVE-2017-15873MedOct 24, 2017
    risk 0.36cvss 5.5epss 0.01

    The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

  • CVE-2017-15298MedOct 14, 2017
    risk 0.36cvss 5.5epss 0.02

    Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not…

  • CVE-2017-14864MedSep 29, 2017
    risk 0.36cvss 5.5epss 0.01

    An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14862MedSep 29, 2017
    risk 0.36cvss 5.5epss 0.01

    An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14859MedSep 29, 2017
    risk 0.36cvss 5.5epss 0.01

    An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2017-14228MedSep 9, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

  • CVE-2015-8621MedAug 7, 2017
    risk 0.36cvss 5.5epss 0.00

    t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.

  • CVE-2015-1323MedJul 21, 2017
    risk 0.36cvss 5.5epss 0.00

    The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS…

  • CVE-2017-9473MedJun 7, 2017
    risk 0.36cvss 5.5epss 0.01

    In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-9471MedJun 7, 2017
    risk 0.36cvss 5.5epss 0.01

    In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-9210MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.01

    libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

  • CVE-2017-9209MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.01

    libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.

  • CVE-2017-9208MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.01

    libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

  • CVE-2017-7613MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2017-7612MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-7611MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-7610MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-7608MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2016-9388MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.02

    The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

  • CVE-2014-9845MedMar 20, 2017
    risk 0.36cvss 5.5epss 0.02

    The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

  • CVE-2014-9844MedMar 20, 2017
    risk 0.36cvss 5.5epss 0.02

    The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

  • CVE-2014-9853MedMar 17, 2017
    risk 0.36cvss 5.5epss 0.02

    Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

  • CVE-2016-5824MedJan 27, 2017
    risk 0.36cvss 5.5epss 0.02

    libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

  • CVE-2016-9318MedNov 16, 2016
    risk 0.36cvss 5.5epss 0.03

    libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE)…

  • CVE-2016-7795MedOct 13, 2016
    risk 0.36cvss 5.5epss 0.01

    The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.

  • CVE-2016-1372MedOct 3, 2016
    risk 0.36cvss 5.5epss 0.02

    ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.

  • CVE-2016-1371MedOct 3, 2016
    risk 0.36cvss 5.5epss 0.02

    ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

  • CVE-2015-8934MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

  • CVE-2015-8933MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

  • CVE-2015-8932MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

  • CVE-2015-8928MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8926MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

  • CVE-2015-8925MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

  • CVE-2015-8924MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.05

    The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

  • CVE-2015-8922MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

  • CVE-2015-8920MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

  • CVE-2016-5403MedAug 2, 2016
    risk 0.36cvss 5.5epss 0.01

    The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

  • CVE-2016-2178MedJun 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

  • CVE-2016-5337MedJun 14, 2016
    risk 0.36cvss 5.5epss 0.00

    The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

  • CVE-2016-1582MedJun 9, 2016
    risk 0.36cvss 5.5epss 0.00

    LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

  • CVE-2016-1581MedJun 9, 2016
    risk 0.36cvss 5.5epss 0.00

    LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

  • CVE-2016-4581MedMay 23, 2016
    risk 0.36cvss 5.5epss 0.01

    fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.

  • CVE-2016-4569MedMay 23, 2016
    risk 0.36cvss 5.5epss 0.01

    The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

  • CVE-2016-3712MedMay 11, 2016
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2016-3156MedApr 27, 2016
    risk 0.36cvss 5.5epss 0.01

    The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

Page 13 of 41