Search CVE reports
291 – 300 of 42503 results
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer...
1 affected package
dhcpcd
| Package | 22.04 LTS |
|---|---|
| dhcpcd | Not in release |
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer...
1 affected package
dhcpcd
| Package | 22.04 LTS |
|---|---|
| dhcpcd | Not in release |
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603...
1 affected package
dhcpcd
| Package | 22.04 LTS |
|---|---|
| dhcpcd | Not in release |
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to...
1 affected package
yt-dlp
| Package | 22.04 LTS |
|---|---|
| yt-dlp | Needs evaluation |
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem,...
1 affected package
yt-dlp
| Package | 22.04 LTS |
|---|---|
| yt-dlp | Needs evaluation |
yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download...
1 affected package
yt-dlp
| Package | 22.04 LTS |
|---|---|
| yt-dlp | Needs evaluation |
tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at...
13 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 22.04 LTS |
|---|---|
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
1 affected package
virtuoso-opensource
| Package | 22.04 LTS |
|---|---|
| virtuoso-opensource | Needs evaluation |
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
1 affected package
virtuoso-opensource
| Package | 22.04 LTS |
|---|---|
| virtuoso-opensource | Needs evaluation |
An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
1 affected package
virtuoso-opensource
| Package | 22.04 LTS |
|---|---|
| virtuoso-opensource | Needs evaluation |