Search CVE reports
1 – 10 of 1068 results
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests...
1 affected package
undertow
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| undertow | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
2 affected packages
gnupg2, gnupg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg2 | Fixed | Fixed | Fixed | Fixed |
| gnupg | — | — | — | — |
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0...
1 affected package
mongodb
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mongodb | Not in release | Not in release | Vulnerable | Vulnerable |
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing...
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| webkitgtk | Not in release | Not in release | — | Ignored |
| webkit2gtk | Vulnerable | Vulnerable | Ignored | Ignored |
| qtwebkit-source | Not in release | Not in release | — | Ignored |
| qtwebkit-opensource-src | Ignored | Ignored | Ignored | Ignored |
| wpewebkit | Not in release | Ignored | Ignored | — |
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
1 affected package
exim4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| exim4 | Not affected | Not affected | Not affected | Not affected |
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
6 affected packages
chromium-browser, webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | — | — |
| webkitgtk | Not in release | Not in release | — | Ignored |
| webkit2gtk | Vulnerable | Vulnerable | Ignored | Ignored |
| qtwebkit-source | Not in release | Not in release | — | Ignored |
| qtwebkit-opensource-src | Ignored | Ignored | Ignored | Ignored |
| wpewebkit | Not in release | Ignored | Ignored | — |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions....
1 affected package
cpp-httplib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cpp-httplib | Needs evaluation | Needs evaluation | — | — |
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use...
3 affected packages
runc, runc-app, runc-stable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| runc | Ignored | Ignored | Ignored | Ignored |
| runc-app | Fixed | Fixed | Ignored | — |
| runc-stable | Not in release | Not in release | Not in release | Not in release |
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks...
3 affected packages
runc, runc-app, runc-stable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| runc | Ignored | Ignored | Ignored | Ignored |
| runc-app | Fixed | Fixed | Ignored | — |
| runc-stable | Not in release | Not in release | Not in release | Not in release |
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that...
3 affected packages
runc, runc-app, runc-stable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| runc | Ignored | Ignored | Ignored | Ignored |
| runc-app | Fixed | Fixed | Ignored | — |
| runc-stable | Not in release | Not in release | Not in release | Not in release |