VYPR

Vendor CVEs

Canonical

All CVEs

2,026 total · sorted by risk
  • CVE-2014-8132Dec 29, 2014
    risk 0.00cvss epss 0.05

    Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

  • CVE-2014-8136Dec 19, 2014
    risk 0.00cvss epss 0.00

    The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

  • CVE-2014-8117Dec 17, 2014
    risk 0.00cvss epss 0.06

    softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

  • CVE-2014-8116Dec 17, 2014
    risk 0.00cvss epss 0.04

    The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

  • CVE-2014-5353Dec 16, 2014
    risk 0.00cvss epss 0.05

    The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with…

  • CVE-2014-9323Dec 16, 2014
    risk 0.00cvss epss 0.03

    The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

  • CVE-2014-6053Dec 15, 2014
    risk 0.00cvss epss 0.08

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon…

  • CVE-2014-6052Dec 15, 2014
    risk 0.00cvss epss 0.07

    The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large…

  • CVE-2014-8737Dec 9, 2014
    risk 0.00cvss epss 0.01

    Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an…

  • CVE-2014-8504Dec 9, 2014
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

  • CVE-2014-8503Dec 9, 2014
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

  • CVE-2014-8502Dec 9, 2014
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

  • CVE-2014-8501Dec 9, 2014
    risk 0.00cvss epss 0.05

    The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE…

  • CVE-2014-8484Dec 9, 2014
    risk 0.00cvss epss 0.05

    The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

  • CVE-2012-6656Dec 5, 2014
    risk 0.00cvss epss 0.03

    iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

  • CVE-2014-8104Dec 3, 2014
    risk 0.00cvss epss 0.03

    OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

  • CVE-2014-9087Dec 1, 2014
    risk 0.00cvss epss 0.05

    Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

  • CVE-2014-9093Nov 26, 2014
    risk 0.00cvss epss 0.04

    LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

  • CVE-2014-1421Nov 25, 2014
    risk 0.00cvss epss 0.01

    mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

  • CVE-2014-7817Nov 24, 2014
    risk 0.00cvss epss 0.01

    The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

  • CVE-2014-1424Nov 24, 2014
    risk 0.00cvss epss 0.02

    apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

  • CVE-2014-7824Nov 18, 2014
    risk 0.00cvss epss 0.01

    D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of…

  • CVE-2014-5388Nov 15, 2014
    risk 0.00cvss epss 0.00

    Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

  • CVE-2014-4975Nov 15, 2014
    risk 0.00cvss epss 0.04

    Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer…

  • CVE-2014-3707Nov 15, 2014
    risk 0.00cvss epss 0.05

    The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory…

  • CVE-2014-7815Nov 14, 2014
    risk 0.00cvss epss 0.04

    The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

  • CVE-2014-3689Nov 14, 2014
    risk 0.00cvss epss 0.00

    The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

  • CVE-2014-8564Nov 13, 2014
    risk 0.00cvss epss 0.03

    The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2)…

  • CVE-2014-3693Nov 7, 2014
    risk 0.00cvss epss 0.05

    Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

  • CVE-2014-3640Nov 7, 2014
    risk 0.00cvss epss 0.00

    The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

  • CVE-2014-8483Nov 6, 2014
    risk 0.00cvss epss 0.04

    The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

  • CVE-2014-8548Nov 5, 2014
    risk 0.00cvss epss 0.02

    Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.

  • CVE-2014-8547Nov 5, 2014
    risk 0.00cvss epss 0.03

    libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.

  • CVE-2014-8544Nov 5, 2014
    risk 0.00cvss epss 0.03

    libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.

  • CVE-2014-8543Nov 5, 2014
    risk 0.00cvss epss 0.03

    libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.

  • CVE-2014-8542Nov 5, 2014
    risk 0.00cvss epss 0.02

    libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

  • CVE-2014-8541Nov 5, 2014
    risk 0.00cvss epss 0.02

    libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have…

  • CVE-2014-3710Nov 5, 2014
    risk 0.00cvss epss 0.14

    The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted…

  • CVE-2014-3660Nov 4, 2014
    risk 0.00cvss epss 0.04

    parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested…

  • CVE-2014-8080Nov 3, 2014
    risk 0.00cvss epss 0.05

    The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

  • CVE-2014-3615Nov 1, 2014
    risk 0.00cvss epss 0.00

    The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • CVE-2014-3694Oct 29, 2014
    risk 0.00cvss epss 0.02

    The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to…

  • CVE-2014-3564Oct 20, 2014
    risk 0.00cvss epss 0.04

    Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line…

  • CVE-2014-3686Oct 16, 2014
    risk 0.00cvss epss 0.05

    wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

  • CVE-2014-1829Oct 15, 2014
    risk 0.00cvss epss 0.02

    Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

  • CVE-2014-7230Oct 8, 2014
    risk 0.00cvss epss 0.00

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

  • CVE-2014-7204Oct 7, 2014
    risk 0.00cvss epss 0.04

    jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

  • CVE-2014-3565Oct 7, 2014
    risk 0.00cvss epss 0.05

    snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a…

  • CVE-2014-6054Oct 6, 2014
    risk 0.00cvss epss 0.06

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2)…

  • CVE-2014-3633Oct 6, 2014
    risk 0.00cvss epss 0.03

    The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query,…

Page 29 of 41