Search CVE reports
431 – 440 of 47154 results
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
1 affected package
pyasn1
| Package | 16.04 LTS |
|---|---|
| pyasn1 | Needs evaluation |
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
2 affected packages
request-tracker4, request-tracker5
| Package | 16.04 LTS |
|---|---|
| request-tracker4 | Needs evaluation |
| request-tracker5 | — |
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.
1 affected package
vlc
| Package | 16.04 LTS |
|---|---|
| vlc | Needs evaluation |
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
1 affected package
lemonldap-ng
| Package | 16.04 LTS |
|---|---|
| lemonldap-ng | Needs evaluation |
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this...
1 affected package
glib2.0
| Package | 16.04 LTS |
|---|---|
| glib2.0 | Needs evaluation |
Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can...
1 affected package
plantuml
| Package | 16.04 LTS |
|---|---|
| plantuml | Needs evaluation |
[crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain]
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | Needs evaluation |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
1 affected package
amd64-microcode
| Package | 16.04 LTS |
|---|---|
| amd64-microcode | Vulnerable |
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with...
1 affected package
dolibarr
| Package | 16.04 LTS |
|---|---|
| dolibarr | Needs evaluation |
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack...
2 affected packages
eglibc, glibc
| Package | 16.04 LTS |
|---|---|
| eglibc | — |
| glibc | Fixed |