Search CVE reports
11 – 20 of 41451 results
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that...
1 affected package
asterisk
| Package | 18.04 LTS |
|---|---|
| asterisk | Needs evaluation |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe...
1 affected package
asterisk
| Package | 18.04 LTS |
|---|---|
| asterisk | Needs evaluation |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are...
1 affected package
asterisk
| Package | 18.04 LTS |
|---|---|
| asterisk | Needs evaluation |
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack...
1 affected package
libuvc
| Package | 18.04 LTS |
|---|---|
| libuvc | Needs evaluation |
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be...
1 affected package
mruby
| Package | 18.04 LTS |
|---|---|
| mruby | Needs evaluation |
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using...
1 affected package
node-webpack
| Package | 18.04 LTS |
|---|---|
| node-webpack | Needs evaluation |
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate...
1 affected package
node-webpack
| Package | 18.04 LTS |
|---|---|
| node-webpack | Needs evaluation |
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 18.04 LTS |
|---|---|
| golang-golang-x-net | — |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | — |
| juju-core | — |
| lxd | Needs evaluation |
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 18.04 LTS |
|---|---|
| golang-golang-x-net | — |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | — |
| juju-core | — |
| lxd | Needs evaluation |
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist...
1 affected package
codeblocks
| Package | 18.04 LTS |
|---|---|
| codeblocks | Needs evaluation |