VYPR

Vendor CVEs

Debian

All CVEs

3,338 total · sorted by risk
  • CVE-2015-0564Jan 10, 2015
    risk 0.00cvss epss 0.03

    Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during…

  • CVE-2014-9585Jan 9, 2015
    risk 0.00cvss epss 0.01

    The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

  • CVE-2014-9584Jan 9, 2015
    risk 0.00cvss epss 0.00

    The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660…

  • CVE-2014-9529Jan 9, 2015
    risk 0.00cvss epss 0.00

    Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key…

  • CVE-2014-9272Jan 9, 2015
    risk 0.00cvss epss 0.02

    The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

  • CVE-2014-9269Jan 9, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

  • CVE-2012-6684Jan 8, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

  • CVE-2014-9221Jan 7, 2015
    risk 0.00cvss epss 0.04

    strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

  • CVE-2014-7209Jan 6, 2015
    risk 0.00cvss epss 0.03

    run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

  • CVE-2014-8132Dec 29, 2014
    risk 0.00cvss epss 0.05

    Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

  • CVE-2014-5353Dec 16, 2014
    risk 0.00cvss epss 0.05

    The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with…

  • CVE-2014-9323Dec 16, 2014
    risk 0.00cvss epss 0.03

    The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

  • CVE-2014-9057Dec 16, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-6053Dec 15, 2014
    risk 0.00cvss epss 0.08

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon…

  • CVE-2014-6052Dec 15, 2014
    risk 0.00cvss epss 0.07

    The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large…

  • CVE-2014-8102Dec 10, 2014
    risk 0.00cvss epss 0.04

    The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or…

  • CVE-2014-8098Dec 10, 2014
    risk 0.00cvss epss 0.05

    The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a…

  • CVE-2014-8096Dec 10, 2014
    risk 0.00cvss epss 0.05

    The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly…

  • CVE-2014-8095Dec 10, 2014
    risk 0.00cvss epss 0.04

    The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or…

  • CVE-2014-8094Dec 10, 2014
    risk 0.00cvss epss 0.04

    Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted…

  • CVE-2014-9274Dec 9, 2014
    risk 0.00cvss epss 0.06

    UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

  • CVE-2014-9273Dec 8, 2014
    risk 0.00cvss epss 0.01

    lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

  • CVE-2014-3616Dec 8, 2014
    risk 0.00cvss epss 0.06

    nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.

  • CVE-2014-8990Dec 5, 2014
    risk 0.00cvss epss 0.05

    default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

  • CVE-2012-6656Dec 5, 2014
    risk 0.00cvss epss 0.03

    iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

  • CVE-2014-9157Dec 3, 2014
    risk 0.00cvss epss 0.06

    Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

  • CVE-2014-8104Dec 3, 2014
    risk 0.00cvss epss 0.03

    OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

  • CVE-2014-9087Dec 1, 2014
    risk 0.00cvss epss 0.05

    Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

  • CVE-2014-8867Dec 1, 2014
    risk 0.00cvss epss 0.00

    The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.

  • CVE-2014-8866Dec 1, 2014
    risk 0.00cvss epss 0.00

    The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.

  • CVE-2014-9089Nov 28, 2014
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

  • CVE-2014-9093Nov 26, 2014
    risk 0.00cvss epss 0.04

    LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

  • CVE-2014-9039Nov 25, 2014
    risk 0.00cvss epss 0.02

    wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

  • CVE-2014-9037Nov 25, 2014
    risk 0.00cvss epss 0.03

    WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

  • CVE-2014-9036Nov 25, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

  • CVE-2014-9035Nov 25, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-9030Nov 24, 2014
    risk 0.00cvss epss 0.02

    The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

  • CVE-2014-9015Nov 24, 2014
    risk 0.00cvss epss 0.02

    Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.

  • CVE-2014-7817Nov 24, 2014
    risk 0.00cvss epss 0.01

    The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

  • CVE-2014-8595Nov 19, 2014
    risk 0.00cvss epss 0.00

    arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch…

  • CVE-2014-8594Nov 19, 2014
    risk 0.00cvss epss 0.02

    The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using…

  • CVE-2014-7824Nov 18, 2014
    risk 0.00cvss epss 0.01

    D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of…

  • CVE-2014-4975Nov 15, 2014
    risk 0.00cvss epss 0.04

    Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer…

  • CVE-2014-3707Nov 15, 2014
    risk 0.00cvss epss 0.05

    The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory…

  • CVE-2014-7815Nov 14, 2014
    risk 0.00cvss epss 0.04

    The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

  • CVE-2014-3689Nov 14, 2014
    risk 0.00cvss epss 0.00

    The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

  • CVE-2014-3640Nov 7, 2014
    risk 0.00cvss epss 0.00

    The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

  • CVE-2014-8483Nov 6, 2014
    risk 0.00cvss epss 0.04

    The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

  • CVE-2014-8542Nov 5, 2014
    risk 0.00cvss epss 0.02

    libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

  • CVE-2014-3710Nov 5, 2014
    risk 0.00cvss epss 0.14

    The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted…

Page 51 of 67