Search CVE reports
381 – 390 of 41868 results
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution...
2 affected packages
kanboard-cli, python-kanboard
| Package | 18.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length...
1 affected package
redir
| Package | 18.04 LTS |
|---|---|
| redir | Needs evaluation |
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference),...
1 affected package
node-ajv
| Package | 18.04 LTS |
|---|---|
| node-ajv | Needs evaluation |
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
1 affected package
roundcube
| Package | 18.04 LTS |
|---|---|
| roundcube | Needs evaluation |
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 18.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | — |
| postgresql-10 | Not affected |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
[PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
1 affected package
gimp
| Package | 18.04 LTS |
|---|---|
| gimp | Needs evaluation |
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by...
1 affected package
graphicsmagick
| Package | 18.04 LTS |
|---|---|
| graphicsmagick | Needs evaluation |
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage...
1 affected package
medusa
| Package | 18.04 LTS |
|---|---|
| medusa | Needs evaluation |
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An...
1 affected package
graphicsmagick
| Package | 18.04 LTS |
|---|---|
| graphicsmagick | Needs evaluation |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or...
1 affected package
python-cryptography
| Package | 18.04 LTS |
|---|---|
| python-cryptography | Needs evaluation |