Search CVE reports
121 – 130 of 48501 results
Some fixes available 1 of 3
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 16.04 LTS |
|---|---|
| openssl | Fixed |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Needs evaluation |
| edk2 | Needs evaluation |
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 16.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Needs evaluation |
| edk2 | Needs evaluation |
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 16.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against...
3 affected packages
libsdl2-image, libsdl3-image, sdl-image1.2
| Package | 16.04 LTS |
|---|---|
| libsdl2-image | Needs evaluation |
| libsdl3-image | — |
| sdl-image1.2 | Needs evaluation |
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the...
1 affected package
ocsinventory-server
| Package | 16.04 LTS |
|---|---|
| ocsinventory-server | Needs evaluation |
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger...
1 affected package
discount
| Package | 16.04 LTS |
|---|---|
| discount | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis...
1 affected package
docker-registry
| Package | 16.04 LTS |
|---|---|
| docker-registry | Needs evaluation |
Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
2 affected packages
golang-github-boltdb-bolt, golang-github-coreos-bbolt
| Package | 16.04 LTS |
|---|---|
| golang-github-boltdb-bolt | Needs evaluation |
| golang-github-coreos-bbolt | — |
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix...
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Needs evaluation |
Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for...
1 affected package
hugo
| Package | 16.04 LTS |
|---|---|
| hugo | Needs evaluation |