Search CVE reports
1 – 10 of 1067 results
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
1 affected package
gnupg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnupg2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 versions prior to 7.0.28, MongoDB Server v8.0...
1 affected package
mongodb
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mongodb | Not in release | Not in release | Vulnerable | Vulnerable |
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing...
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| webkitgtk | Not in release | Not in release | — | Ignored |
| webkit2gtk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| qtwebkit-source | Not in release | Not in release | — | Ignored |
| qtwebkit-opensource-src | Ignored | Ignored | Ignored | Ignored |
| wpewebkit | Not in release | Ignored | Ignored | — |
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
1 affected package
exim4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| exim4 | Not affected | Not affected | Not affected | Not affected |
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
6 affected packages
chromium-browser, webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | — | — |
| webkitgtk | Not in release | Not in release | — | Ignored |
| webkit2gtk | Needs evaluation | Needs evaluation | Ignored | Ignored |
| qtwebkit-source | Not in release | Not in release | — | Ignored |
| qtwebkit-opensource-src | Ignored | Ignored | Ignored | Ignored |
| wpewebkit | Not in release | Ignored | Ignored | — |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions....
1 affected package
cpp-httplib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cpp-httplib | Needs evaluation | Needs evaluation | — | — |
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use...
3 affected packages
runc, runc-app, runc-stable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| runc | Ignored | Ignored | Ignored | Ignored |
| runc-app | Fixed | Fixed | Ignored | — |
| runc-stable | Not in release | Not in release | Not in release | Not in release |
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks...
3 affected packages
runc, runc-app, runc-stable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| runc | Ignored | Ignored | Ignored | Ignored |
| runc-app | Fixed | Fixed | Ignored | — |
| runc-stable | Not in release | Not in release | Not in release | Not in release |
Some fixes available 5 of 13
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2, runc would not perform sufficient verification that...
3 affected packages
runc, runc-app, runc-stable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| runc | Ignored | Ignored | Ignored | Ignored |
| runc-app | Fixed | Fixed | Ignored | — |
| runc-stable | Not in release | Not in release | Not in release | Not in release |
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free...
3 affected packages
redict, redis, valkey
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| redict | Not in release | Not in release | — | — |
| redis | Fixed | Fixed | Fixed | Fixed |
| valkey | Fixed | Not in release | — | — |