Search CVE reports
1681 – 1690 of 42871 results
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a...
1 affected package
tcpflow
| Package | 18.04 LTS |
|---|---|
| tcpflow | Needs evaluation |
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from...
1 affected package
alsa-lib
| Package | 18.04 LTS |
|---|---|
| alsa-lib | Not affected |
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows....
1 affected package
icinga2
| Package | 18.04 LTS |
|---|---|
| icinga2 | Needs evaluation |
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper...
1 affected package
cacti
| Package | 18.04 LTS |
|---|---|
| cacti | Needs evaluation |
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with...
1 affected package
gnome-font-viewer
| Package | 18.04 LTS |
|---|---|
| gnome-font-viewer | Vulnerable |
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 18.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | Needs evaluation |
| golang-1.9 | Needs evaluation |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |