Search CVE reports
2181 – 2190 of 26183 results
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application...
6 affected packages
libvncserver, vino, x11vnc, veyon, italc, tightvnc
| Package | 26.04 LTS |
|---|---|
| libvncserver | Needs evaluation |
| vino | Not in release |
| x11vnc | Needs evaluation |
| veyon | Needs evaluation |
| italc | Not in release |
| tightvnc | Needs evaluation |
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 26.04 LTS |
|---|---|
| tiff | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Not affected |
| gdal | Not affected |
| neuron | Not affected |
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented...
1 affected package
freeipmi
| Package | 26.04 LTS |
|---|---|
| freeipmi | Needs evaluation |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly...
1 affected package
nginx
| Package | 26.04 LTS |
|---|---|
| nginx | Not affected |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the...
1 affected package
nginx
| Package | 26.04 LTS |
|---|---|
| nginx | Not affected |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers...
1 affected package
nginx
| Package | 26.04 LTS |
|---|---|
| nginx | Not affected |
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially...
1 affected package
nginx
| Package | 26.04 LTS |
|---|---|
| nginx | Not affected |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the...
1 affected package
nginx
| Package | 26.04 LTS |
|---|---|
| nginx | Not affected |
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and...
1 affected package
nginx
| Package | 26.04 LTS |
|---|---|
| nginx | Not affected |
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Not in release |
| mozjs115 | Not in release |