VYPR

Vendor CVEs

Debian

All CVEs

3,338 total · sorted by risk
  • CVE-2014-3660Nov 4, 2014
    risk 0.00cvss epss 0.04

    parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested…

  • CVE-2014-0490Nov 3, 2014
    risk 0.00cvss epss 0.04

    The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

  • CVE-2014-0489Nov 3, 2014
    risk 0.00cvss epss 0.04

    APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.

  • CVE-2014-0488Nov 3, 2014
    risk 0.00cvss epss 0.02

    APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

  • CVE-2014-0487Nov 3, 2014
    risk 0.00cvss epss 0.02

    APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

  • CVE-2014-3615Nov 1, 2014
    risk 0.00cvss epss 0.00

    The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • CVE-2014-3694Oct 29, 2014
    risk 0.00cvss epss 0.02

    The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to…

  • CVE-2014-5026Oct 20, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host…

  • CVE-2014-5025Oct 20, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

  • CVE-2014-3564Oct 20, 2014
    risk 0.00cvss epss 0.04

    Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line…

  • CVE-2014-3686Oct 16, 2014
    risk 0.00cvss epss 0.05

    wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

  • CVE-2014-7206Oct 15, 2014
    risk 0.00cvss epss 0.00

    The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

  • CVE-2014-1829Oct 15, 2014
    risk 0.00cvss epss 0.02

    Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

  • CVE-2014-5270Oct 10, 2014
    risk 0.00cvss epss 0.01

    Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage…

  • CVE-2014-7204Oct 7, 2014
    risk 0.00cvss epss 0.04

    jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

  • CVE-2014-4510Oct 6, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2014-6054Oct 6, 2014
    risk 0.00cvss epss 0.06

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2)…

  • CVE-2014-7155Oct 2, 2014
    risk 0.00cvss epss 0.01

    The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1)…

  • CVE-2014-7154Oct 2, 2014
    risk 0.00cvss epss 0.01

    Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

  • CVE-2014-6055Sep 30, 2014
    risk 0.00cvss epss 0.08

    Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3)…

  • CVE-2014-6051Sep 30, 2014
    risk 0.00cvss epss 0.08

    Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer…

  • CVE-2014-6273Sep 30, 2014
    risk 0.00cvss epss 0.02

    Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

  • CVE-2014-0484Sep 22, 2014
    risk 0.00cvss epss 0.00

    The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

  • CVE-2014-3169Aug 27, 2014
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs…

  • CVE-2014-3168Aug 27, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

  • CVE-2014-0481Aug 26, 2014
    risk 0.00cvss epss 0.02

    The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote…

  • CVE-2014-3589Aug 25, 2014
    risk 0.00cvss epss 0.04

    PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

  • CVE-2014-5033Aug 19, 2014
    risk 0.00cvss epss 0.00

    KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2)…

  • CVE-2014-5266Aug 18, 2014
    risk 0.00cvss epss 0.24

    The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a…

  • CVE-2014-5265Aug 18, 2014
    risk 0.00cvss epss 0.03

    The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU…

  • CVE-2014-5240Aug 18, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

  • CVE-2014-5204Aug 18, 2014
    risk 0.00cvss epss 0.02

    wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

  • CVE-2014-4344Aug 14, 2014
    risk 0.00cvss epss 0.07

    The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation…

  • CVE-2014-4343Aug 14, 2014
    risk 0.00cvss epss 0.06

    Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute…

  • CVE-2014-3167Aug 13, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-3166Aug 13, 2014
    risk 0.00cvss epss 0.01

    The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by…

  • CVE-2014-3165Aug 13, 2014
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via…

  • CVE-2014-0479Aug 6, 2014
    risk 0.00cvss epss 0.03

    reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.

  • CVE-2014-3534Aug 1, 2014
    risk 0.00cvss epss 0.00

    arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently…

  • CVE-2014-1557Jul 23, 2014
    risk 0.00cvss epss 0.05

    The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code…

  • CVE-2014-4911Jul 22, 2014
    risk 0.00cvss epss 0.02

    The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

  • CVE-2014-4342Jul 20, 2014
    risk 0.00cvss epss 0.07

    MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

  • CVE-2014-4341Jul 20, 2014
    risk 0.00cvss epss 0.07

    MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

  • CVE-2014-3162Jul 20, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-3160Jul 20, 2014
    risk 0.00cvss epss 0.01

    The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a…

  • CVE-2014-4943Jul 19, 2014
    risk 0.00cvss epss 0.02

    The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

  • CVE-2014-3533Jul 19, 2014
    risk 0.00cvss epss 0.00

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

  • CVE-2014-3532Jul 19, 2014
    risk 0.00cvss epss 0.00

    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum…

  • CVE-2014-4260Jul 17, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

  • CVE-2014-4258Jul 17, 2014
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

Page 52 of 67