Search CVE reports
1 – 10 of 33913 results
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead...
1 affected package
rhino
| Package | 22.04 LTS |
|---|---|
| rhino | Needs evaluation |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Needs evaluation |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.
1 affected package
nagvis
| Package | 22.04 LTS |
|---|---|
| nagvis | Needs evaluation |
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not...
1 affected package
webkitgtk
| Package | 22.04 LTS |
|---|---|
| webkitgtk | Not in release |
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
1 affected package
pgbouncer
| Package | 22.04 LTS |
|---|---|
| pgbouncer | Needs evaluation |
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 22.04 LTS |
|---|---|
| jython | Needs evaluation |
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with...
1 affected package
undertow
| Package | 22.04 LTS |
|---|---|
| undertow | Needs evaluation |
[Unknown description]
2 affected packages
golang-1.24, golang-1.25
| Package | 22.04 LTS |
|---|---|
| golang-1.24 | Not in release |
| golang-1.25 | Not in release |
(MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...)
1 affected package
wireshark
| Package | 22.04 LTS |
|---|---|
| wireshark | Needs evaluation |
(HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...)
1 affected package
wireshark
| Package | 22.04 LTS |
|---|---|
| wireshark | Needs evaluation |