VYPR

Vendor CVEs

Canonical

All CVEs

2,026 total · sorted by risk
  • CVE-2016-0665MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.

  • CVE-2015-7802MedApr 20, 2016
    risk 0.36cvss 5.5epss 0.02

    gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

  • CVE-2016-3941MedApr 18, 2016
    risk 0.36cvss 5.5epss 0.01

    Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

  • CVE-2016-3961MedApr 15, 2016
    risk 0.36cvss 5.5epss 0.01

    Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

  • CVE-2015-5299MedDec 29, 2015
    risk 0.36cvss 5.3epss 0.14

    The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by…

  • CVE-2015-5296MedDec 29, 2015
    risk 0.36cvss 5.4epss 0.07

    Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to…

  • CVE-2012-5656MedJan 18, 2013
    risk 0.36cvss 5.5epss 0.01

    The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

  • CVE-2012-1186MedJun 5, 2012
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2012-0248MedJun 5, 2012
    risk 0.36cvss 5.5epss 0.02

    ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

  • CVE-2010-4655MedJul 18, 2011
    risk 0.36cvss 5.5epss 0.00

    net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

  • CVE-2010-3079MedSep 30, 2010
    risk 0.36cvss 5.5epss 0.00

    kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function…

  • CVE-2010-2538MedSep 30, 2010
    risk 0.36cvss 5.5epss 0.00

    Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

  • CVE-2010-3078MedSep 21, 2010
    risk 0.36cvss 5.5epss 0.00

    The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

  • CVE-2010-2942MedSep 21, 2010
    risk 0.36cvss 5.5epss 0.00

    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory…

  • CVE-2010-2066MedSep 8, 2010
    risk 0.36cvss 5.5epss 0.00

    The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

  • CVE-2009-3238MedSep 18, 2009
    risk 0.36cvss 5.5epss 0.02

    The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the…

  • CVE-2007-6716MedSep 4, 2008
    risk 0.36cvss 5.5epss 0.01

    fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

  • CVE-2008-3275MedAug 12, 2008
    risk 0.36cvss 5.5epss 0.01

    The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of…

  • CVE-2026-5774MedApr 10, 2026
    risk 0.35cvss 6.4epss 0.00

    Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.

  • CVE-2025-68153MedApr 3, 2026
    risk 0.35cvss 6.5epss 0.00

    Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or…

  • CVE-2017-13088MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points…

  • CVE-2017-13087MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2017-13081MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

  • CVE-2017-13080MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2017-13079MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

  • CVE-2017-13078MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2016-2375MedJan 6, 2017
    risk 0.35cvss 5.3epss 0.03

    An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.

  • CVE-2016-6313MedDec 13, 2016
    risk 0.35cvss 5.3epss 0.04

    The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

  • CVE-2016-3615MedJul 21, 2016
    risk 0.35cvss 5.3epss 0.06

    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

  • CVE-2016-3614MedJul 21, 2016
    risk 0.35cvss 5.3epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.

  • CVE-2016-5104MedJun 13, 2016
    risk 0.35cvss 5.3epss 0.03

    The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

  • CVE-2016-1692MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same…

  • CVE-2013-7449MedApr 21, 2016
    risk 0.35cvss 6.5epss 0.01

    The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid…

  • CVE-2016-0763MedFeb 25, 2016
    risk 0.35cvss 6.3epss 0.11

    The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote…

  • CVE-2016-0747MedFeb 15, 2016
    risk 0.35cvss 5.3epss 0.08

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

  • CVE-2015-7513MedFeb 8, 2016
    risk 0.35cvss 6.5epss 0.01

    arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and…

  • CVE-2015-4000LowMay 21, 2015
    risk 0.35cvss 3.7epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2013-0375MedJan 17, 2013
    risk 0.35cvss 5.4epss 0.02

    Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

  • CVE-2009-1961MedJun 8, 2009
    risk 0.34cvss 4.7epss 0.01

    The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal)…

  • CVE-2016-2391MedJun 16, 2016
    risk 0.33cvss 5.0epss 0.00

    The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

  • CVE-2015-8872MedJun 3, 2016
    risk 0.33cvss 6.2epss 0.00

    The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an…

  • CVE-2016-3140MedMay 2, 2016
    risk 0.33cvss 4.6epss 0.02

    The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2016-3136MedMay 2, 2016
    risk 0.33cvss 4.6epss 0.02

    The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint…

  • CVE-2016-0702MedMar 3, 2016
    risk 0.33cvss 5.1epss 0.02

    The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a…

  • CVE-2015-8767MedFeb 8, 2016
    risk 0.33cvss 6.2epss 0.00

    net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.

  • CVE-2016-0762MedAug 10, 2017
    risk 0.32cvss 5.9epss 0.08

    The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid…

  • CVE-2016-5440MedJul 21, 2016
    risk 0.32cvss 4.9epss 0.04

    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

  • CVE-2016-5439MedJul 21, 2016
    risk 0.32cvss 4.9epss 0.03

    Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.

  • CVE-2016-1839MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1838MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML…

Page 14 of 41