Search CVE reports
271 – 280 of 43971 results
GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a...
1 affected package
gh
| Package | 22.04 LTS |
|---|---|
| gh | Needs evaluation |
An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
1 affected package
jbig2dec
| Package | 22.04 LTS |
|---|---|
| jbig2dec | Needs evaluation |
Not in release
A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit...
1 affected package
rust-symphonia
| Package | 22.04 LTS |
|---|---|
| rust-symphonia | Not in release |
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick...
1 affected package
gpsd
| Package | 22.04 LTS |
|---|---|
| gpsd | Needs evaluation |
The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.
11 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 22.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.14 | Not in release |
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.
1 affected package
xen
| Package | 22.04 LTS |
|---|---|
| xen | Needs evaluation |
Not in release
Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without...
1 affected package
mongoose
| Package | 22.04 LTS |
|---|---|
| mongoose | Not in release |
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead...
1 affected package
gpac
| Package | 22.04 LTS |
|---|---|
| gpac | Needs evaluation |
httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent...
1 affected package
python-httplib2
| Package | 22.04 LTS |
|---|---|
| python-httplib2 | Fixed |
A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking....
1 affected package
gst-plugins-bad1.0
| Package | 22.04 LTS |
|---|---|
| gst-plugins-bad1.0 | Needs evaluation |