VYPR

Vendor CVEs

Debian

All CVEs

3,362 total · sorted by risk
  • CVE-2017-8353MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8352MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8351MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8350MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8349MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8348MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8347MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8346MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8345MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8344MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-8343MedApr 30, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.

  • CVE-2017-3453MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…

  • CVE-2017-7943MedApr 18, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

  • CVE-2017-7941MedApr 18, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

  • CVE-2015-8345MedApr 13, 2017
    risk 0.42cvss 6.5epss 0.00

    The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

  • CVE-2012-6697HigApr 13, 2017
    risk 0.42cvss 7.5epss 0.02

    InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).

  • CVE-2017-7700MedApr 12, 2017
    risk 0.42cvss 6.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

  • CVE-2015-8613MedApr 11, 2017
    risk 0.42cvss 6.5epss 0.00

    Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

  • CVE-2015-8568MedApr 11, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

  • CVE-2015-8504MedApr 11, 2017
    risk 0.42cvss 6.5epss 0.03

    Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

  • CVE-2016-10149HigMar 24, 2017
    risk 0.42cvss 7.5epss 0.04

    XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

  • CVE-2017-5856MedMar 16, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over…

  • CVE-2017-5667MedMar 16, 2017
    risk 0.42cvss 6.5epss 0.00

    The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data…

  • CVE-2017-5579MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

  • CVE-2017-5526MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

  • CVE-2017-5525MedMar 15, 2017
    risk 0.42cvss 6.5epss 0.00

    Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

  • CVE-2016-10197HigMar 15, 2017
    risk 0.42cvss 7.5epss 0.05

    The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

  • CVE-2016-10196HigMar 15, 2017
    risk 0.42cvss 7.5epss 0.05

    Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

  • CVE-2016-7798HigJan 30, 2017
    risk 0.42cvss 7.5epss 0.03

    The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

  • CVE-2017-3258MedJan 27, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2017-3257MedJan 27, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols…

  • CVE-2016-10159HigJan 24, 2017
    risk 0.42cvss 7.5epss 0.08

    Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

  • CVE-2016-9916MedDec 29, 2016
    risk 0.42cvss 6.5epss 0.00

    Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.

  • CVE-2016-9915MedDec 29, 2016
    risk 0.42cvss 6.5epss 0.00

    Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.

  • CVE-2016-9914MedDec 29, 2016
    risk 0.42cvss 6.5epss 0.00

    Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.

  • CVE-2016-9921MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process…

  • CVE-2016-9911MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.

  • CVE-2016-9907MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a…

  • CVE-2016-1246HigOct 5, 2016
    risk 0.42cvss 7.5epss 0.04

    Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

  • CVE-2016-6306MedSep 26, 2016
    risk 0.42cvss 5.9epss 0.42

    The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

  • CVE-2016-5172MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.02

    The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

  • CVE-2016-6161MedAug 12, 2016
    risk 0.42cvss 6.5epss 0.03

    The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

  • CVE-2016-2822MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

  • CVE-2016-1702MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

  • CVE-2016-1699MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows…

  • CVE-2016-1698MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned…

  • CVE-2016-1689MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

  • CVE-2016-1688MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.02

    The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

  • CVE-2016-1687MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

  • CVE-2016-1686MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read)…

Page 25 of 68