Search CVE reports
411 – 420 of 43971 results
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences,...
1 affected package
ack
| Package | 22.04 LTS |
|---|---|
| ack | Needs evaluation |
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options....
1 affected package
ack
| Package | 22.04 LTS |
|---|---|
| ack | Needs evaluation |
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source...
1 affected package
ack
| Package | 22.04 LTS |
|---|---|
| ack | Needs evaluation |
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT...
1 affected package
imagemagick
| Package | 22.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk...
1 affected package
imagemagick
| Package | 22.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 22.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Needs evaluation |
| freerdp3 | Not in release |
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block...
1 affected package
libimager-perl
| Package | 22.04 LTS |
|---|---|
| libimager-perl | Needs evaluation |
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially...
1 affected package
389-ds-base
| Package | 22.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to...
2 affected packages
libxfont, libxfont2
| Package | 22.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Not in release |
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server.
2 affected packages
libxfont, libxfont2
| Package | 22.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Not in release |