Search CVE reports
221 – 230 of 30756 results
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s...
1 affected package
wget
| Package | 26.04 LTS |
|---|---|
| wget | Vulnerable |
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config...
1 affected package
apprise
| Package | 26.04 LTS |
|---|---|
| apprise | Needs evaluation |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built...
1 affected package
cpp-httplib
| Package | 26.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Not affected |
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Not affected |
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes...
1 affected package
mtr
| Package | 26.04 LTS |
|---|---|
| mtr | Needs evaluation |
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
1 affected package
ironic
| Package | 26.04 LTS |
|---|---|
| ironic | Needs evaluation |
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
1 affected package
ironic
| Package | 26.04 LTS |
|---|---|
| ironic | Needs evaluation |
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a...
1 affected package
vim
| Package | 26.04 LTS |
|---|---|
| vim | Fixed |
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer,...
1 affected package
vim
| Package | 26.04 LTS |
|---|---|
| vim | Fixed |