Search CVE reports
1081 – 1090 of 43343 results
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker...
1 affected package
zabbix
| Package | 18.04 LTS |
|---|---|
| zabbix | Needs evaluation |
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not...
1 affected package
zabbix
| Package | 18.04 LTS |
|---|---|
| zabbix | Needs evaluation |
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users...
1 affected package
zabbix
| Package | 18.04 LTS |
|---|---|
| zabbix | Needs evaluation |
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator...
1 affected package
zabbix
| Package | 18.04 LTS |
|---|---|
| zabbix | Needs evaluation |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of...
6 affected packages
libvncserver, vino, x11vnc, veyon, italc, tightvnc
| Package | 18.04 LTS |
|---|---|
| libvncserver | Needs evaluation |
| vino | Needs evaluation |
| x11vnc | Needs evaluation |
| veyon | — |
| italc | Needs evaluation |
| tightvnc | Needs evaluation |
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application...
6 affected packages
libvncserver, vino, x11vnc, veyon, italc, tightvnc
| Package | 18.04 LTS |
|---|---|
| libvncserver | Needs evaluation |
| vino | Needs evaluation |
| x11vnc | Needs evaluation |
| veyon | — |
| italc | Needs evaluation |
| tightvnc | Needs evaluation |
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 18.04 LTS |
|---|---|
| tiff | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Needs evaluation |
| gdal | Not affected |
| neuron | Needs evaluation |
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented...
1 affected package
freeipmi
| Package | 18.04 LTS |
|---|---|
| freeipmi | Needs evaluation |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly...
1 affected package
nginx
| Package | 18.04 LTS |
|---|---|
| nginx | Needs evaluation |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the...
1 affected package
nginx
| Package | 18.04 LTS |
|---|---|
| nginx | Not affected |