Search CVE reports
31 – 40 of 49955 results
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Needs evaluation |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to...
2 affected packages
qt6-svg, qtsvg-opensource-src
| Package | 16.04 LTS |
|---|---|
| qt6-svg | — |
| qtsvg-opensource-src | Needs evaluation |
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
1 affected package
uriparser
| Package | 16.04 LTS |
|---|---|
| uriparser | Needs evaluation |
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those...
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Needs evaluation |