Search CVE reports
2831 – 2840 of 26567 results
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS |
|---|---|
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Not in release |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Not in release |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | Not in release |
| cableswig | Not in release |
| coin3 | Not affected |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | Not in release |
| smart | Not in release |
| firefox | Not affected |
| thunderbird | Not affected |
| libxmltok | Not in release |
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
1 affected package
libexif
| Package | 26.04 LTS |
|---|---|
| libexif | Needs evaluation |
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
1 affected package
inetutils
| Package | 26.04 LTS |
|---|---|
| inetutils | Needs evaluation |
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in...
1 affected package
simpleeval
| Package | 26.04 LTS |
|---|---|
| simpleeval | Needs evaluation |
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability...
1 affected package
angular.js
| Package | 26.04 LTS |
|---|---|
| angular.js | Needs evaluation |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS...
1 affected package
cpp-httplib
| Package | 26.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length...
1 affected package
rust-yamux
| Package | 26.04 LTS |
|---|---|
| rust-yamux | Needs evaluation |
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is...
1 affected package
gst-plugins-bad1.0
| Package | 26.04 LTS |
|---|---|
| gst-plugins-bad1.0 | Not affected |
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is...
1 affected package
gst-plugins-good1.0
| Package | 26.04 LTS |
|---|---|
| gst-plugins-good1.0 | Not affected |
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is...
1 affected package
gst-plugins-bad1.0
| Package | 26.04 LTS |
|---|---|
| gst-plugins-bad1.0 | Not affected |