VYPR

Vendor CVEs

Canonical

All CVEs

2,026 total · sorted by risk
  • CVE-2015-1324HigAug 25, 2017
    risk 0.51cvss 7.8epss 0.00

    Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files…

  • CVE-2017-7980HigJul 25, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

  • CVE-2017-11473HigJul 20, 2017
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.

  • CVE-2017-11111HigJul 8, 2017
    risk 0.51cvss 7.8epss 0.02

    In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-10686HigJun 29, 2017
    risk 0.51cvss 7.8epss 0.03

    In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that…

  • CVE-2017-9985HigJun 28, 2017
    risk 0.51cvss 7.8epss 0.00

    The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between…

  • CVE-2017-7889HigApr 17, 2017
    risk 0.51cvss 7.8epss 0.00

    The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an…

  • CVE-2017-7358HigApr 5, 2017
    risk 0.51cvss 7.3epss 0.03

    In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

  • CVE-2017-6964HigMar 28, 2017
    risk 0.51cvss 7.8epss 0.00

    dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects…

  • CVE-2016-9775HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.01

    The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before…

  • CVE-2016-9774HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.01

    The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before…

  • CVE-2017-5669HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.00

    The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by…

  • CVE-2016-7913HigNov 16, 2016
    risk 0.51cvss 7.8epss 0.02

    The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.

  • CVE-2015-8931HigSep 20, 2016
    risk 0.51cvss 7.8epss 0.02

    Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

  • CVE-2016-5384HigAug 13, 2016
    risk 0.51cvss 7.8epss 0.00

    fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

  • CVE-2016-6185HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

  • CVE-2016-4324HigJul 8, 2016
    risk 0.51cvss 7.8epss 0.03

    Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

  • CVE-2016-5829HigJun 27, 2016
    risk 0.51cvss 7.8epss 0.00

    Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES…

  • CVE-2016-5828HigJun 27, 2016
    risk 0.51cvss 7.8epss 0.00

    The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly…

  • CVE-2016-5338HigJun 14, 2016
    risk 0.51cvss 7.8epss 0.01

    The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

  • CVE-2015-5260HigJun 7, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

  • CVE-2016-5126HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-4951HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit…

  • CVE-2016-4913HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via…

  • CVE-2016-4805HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to…

  • CVE-2016-4794HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.

  • CVE-2016-4565HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.

  • CVE-2016-4556HigMay 10, 2016
    risk 0.51cvss 7.5epss 0.23

    Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

  • CVE-2015-8868HigMay 6, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState…

  • CVE-2014-9765HigApr 19, 2016
    risk 0.51cvss 8.8epss 0.04

    Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.

  • CVE-2016-3981HigApr 13, 2016
    risk 0.51cvss 7.8epss 0.04

    Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

  • CVE-2016-3157HigApr 12, 2016
    risk 0.51cvss 7.8epss 0.01

    The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by…

  • CVE-2016-2510HigApr 7, 2016
    risk 0.51cvss 8.1epss 0.70

    BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

  • CVE-2016-0797HigMar 3, 2016
    risk 0.51cvss 7.5epss 0.27

    Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the…

  • CVE-2016-0714HigFeb 25, 2016
    risk 0.51cvss 8.8epss 0.13

    The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary…

  • CVE-2016-0795HigFeb 18, 2016
    risk 0.51cvss 7.8epss 0.03

    LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

  • CVE-2016-0794HigFeb 18, 2016
    risk 0.51cvss 7.8epss 0.03

    The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.

  • CVE-2015-3193HigDec 6, 2015
    risk 0.51cvss 7.5epss 0.25

    The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain…

  • CVE-2010-4656HigJul 18, 2011
    risk 0.51cvss 7.8epss 0.00

    The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long…

  • CVE-2010-2960HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.01

    The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have…

  • CVE-2010-2798HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly…

  • CVE-2010-2524HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS…

  • CVE-2009-3620HigOct 22, 2009
    risk 0.51cvss 7.8epss 0.00

    The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges…

  • CVE-2008-2931HigJul 9, 2008
    risk 0.51cvss 7.8epss 0.00

    The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

  • CVE-2008-2812HigJul 9, 2008
    risk 0.51cvss 7.8epss 0.00

    The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2)…

  • CVE-2007-4988HigSep 24, 2007
    risk 0.51cvss 7.8epss 0.03

    Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

  • CVE-2022-39177HigSep 2, 2022
    risk 0.50cvss 8.8epss 0.01

    BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

  • CVE-2022-39176HigSep 2, 2022
    risk 0.50cvss 8.8epss 0.01

    BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

  • CVE-2017-15275HigNov 27, 2017
    risk 0.50cvss 7.5epss 0.21

    Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

  • CVE-2015-8567HigApr 13, 2017
    risk 0.50cvss 7.7epss 0.06

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

Page 6 of 41