Search CVE reports
1061 – 1070 of 37797 results
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial...
1 affected package
libyaml-syck-perl
| Package | 22.04 LTS |
|---|---|
| libyaml-syck-perl | Needs evaluation |
Not in release
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
1 affected package
dtrace
| Package | 22.04 LTS |
|---|---|
| dtrace | Not in release |
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value...
2 affected packages
ffmpeg, libav
| Package | 22.04 LTS |
|---|---|
| ffmpeg | Needs evaluation |
| libav | Not in release |
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
13 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 22.04 LTS |
|---|---|
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation....
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 22.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID...
1 affected package
python-authlib
| Package | 22.04 LTS |
|---|---|
| python-authlib | Needs evaluation |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON...
1 affected package
python-authlib
| Package | 22.04 LTS |
|---|---|
| python-authlib | Needs evaluation |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT...
1 affected package
python-authlib
| Package | 22.04 LTS |
|---|---|
| python-authlib | Needs evaluation |
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute
1 affected package
gobgp
| Package | 22.04 LTS |
|---|---|
| gobgp | Needs evaluation |
A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the...
1 affected package
gpac
| Package | 22.04 LTS |
|---|---|
| gpac | Needs evaluation |