Search CVE reports
81 – 90 of 47206 results
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are...
1 affected package
asterisk
| Package | 16.04 LTS |
|---|---|
| asterisk | Needs evaluation |
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be...
1 affected package
mruby
| Package | 16.04 LTS |
|---|---|
| mruby | Needs evaluation |
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed....
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 16.04 LTS |
|---|---|
| golang-golang-x-net | — |
| google-guest-agent | Not affected |
| containerd | Not affected |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | — |
| juju-core | Needs evaluation |
| lxd | Needs evaluation |
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 16.04 LTS |
|---|---|
| golang-golang-x-net | — |
| google-guest-agent | Not affected |
| containerd | Not affected |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | — |
| juju-core | Needs evaluation |
| lxd | Needs evaluation |
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the...
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Needs evaluation |
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist...
1 affected package
codeblocks
| Package | 16.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially...
1 affected package
web2py
| Package | 16.04 LTS |
|---|---|
| web2py | Needs evaluation |
[Unknown description]
1 affected package
grafana
| Package | 16.04 LTS |
|---|---|
| grafana | Needs evaluation |
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously...
1 affected package
glpi
| Package | 16.04 LTS |
|---|---|
| glpi | Needs evaluation |