Search CVE reports
An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.
3 affected packages
pyro, pyro4, pyro5
| Package | 24.04 LTS |
|---|---|
| pyro | Not in release |
| pyro4 | Needs evaluation |
| pyro5 | Needs evaluation |
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be...
13 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS |
|---|---|
| pypy3 | Needs evaluation |
| python2.7 | Not in release |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Not in release |
| python3.11 | Not in release |
| python3.12 | Needs evaluation |
| python3.13 | Not in release |
| python3.14 | Not in release |
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can...
1 affected package
haproxy
| Package | 24.04 LTS |
|---|---|
| haproxy | Needs evaluation |
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and...
1 affected package
mongo-c-driver
| Package | 24.04 LTS |
|---|---|
| mongo-c-driver | Needs evaluation |
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.
2 affected packages
ffmpeg, libav
| Package | 24.04 LTS |
|---|---|
| ffmpeg | Needs evaluation |
| libav | Not in release |
A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file.
1 affected package
tinyobjloader
| Package | 24.04 LTS |
|---|---|
| tinyobjloader | Needs evaluation |
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before...
1 affected package
nasm
| Package | 24.04 LTS |
|---|---|
| nasm | Needs evaluation |
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative...
1 affected package
varnish
| Package | 24.04 LTS |
|---|---|
| varnish | Needs evaluation |
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
1 affected package
mesa
| Package | 24.04 LTS |
|---|---|
| mesa | Needs evaluation |
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
1 affected package
libexif
| Package | 24.04 LTS |
|---|---|
| libexif | Needs evaluation |