Search CVE reports
181 – 190 of 29050 results
Some fixes available 1 of 2
Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46,...
11 affected packages
mysql-5.5, mysql-5.7, mysql-8.0, mysql-8.4, mariadb...
| Package | 26.04 LTS |
|---|---|
| mysql-5.5 | Not in release |
| mysql-5.7 | Not in release |
| mysql-8.0 | Not in release |
| mysql-8.4 | Fixed |
| mariadb | Needs evaluation |
| mariadb-10.0 | Not in release |
| mariadb-10.1 | Not in release |
| mariadb-10.3 | Not in release |
| mariadb-10.6 | Not in release |
| percona-xtradb-cluster-5.6 | Not in release |
| percona-server-5.6 | Not in release |
[Denial of Service via large SamplesPerPixel tag]
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 26.04 LTS |
|---|---|
| tiff | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Not affected |
| gdal | Not affected |
| neuron | Not affected |
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying...
1 affected package
joserfc
| Package | 26.04 LTS |
|---|---|
| joserfc | Needs evaluation |
markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic (O(n^2)) processing in the smartquotes rule. The issue stems from repeatedly...
1 affected package
node-markdown-it
| Package | 26.04 LTS |
|---|---|
| node-markdown-it | Needs evaluation |
PHP Standard Library (PSL) is a set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\H2\ServerConnection does not validate that the total bytes...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Not in release |
| php8.4 | Not in release |
| php8.5 | Needs evaluation |
Not in release
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process,...
1 affected package
shaarli
| Package | 26.04 LTS |
|---|---|
| shaarli | Not in release |
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass...
1 affected package
tinyproxy
| Package | 26.04 LTS |
|---|---|
| tinyproxy | Needs evaluation |
libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with...
1 affected package
libssh2
| Package | 26.04 LTS |
|---|---|
| libssh2 | Needs evaluation |
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion...
1 affected package
libssh2
| Package | 26.04 LTS |
|---|---|
| libssh2 | Needs evaluation |
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine...
1 affected package
tinyproxy
| Package | 26.04 LTS |
|---|---|
| tinyproxy | Needs evaluation |