Search CVE reports
751 – 760 of 38499 results
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 20.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | Needs evaluation |
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 20.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Not affected |
| bind9-libs | Needs evaluation |
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 20.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | — |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 20.04 LTS |
|---|---|
| firefox | — |
| thunderbird | — |
| mozjs38 | — |
| mozjs52 | Ignored |
| mozjs68 | Ignored |
| mozjs78 | — |
| mozjs91 | — |
| mozjs102 | — |
| mozjs115 | — |
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Fixed |
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the...
1 affected package
php-league-commonmark
| Package | 20.04 LTS |
|---|---|
| php-league-commonmark | Needs evaluation |
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker...
1 affected package
zabbix
| Package | 20.04 LTS |
|---|---|
| zabbix | Needs evaluation |
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not...
1 affected package
zabbix
| Package | 20.04 LTS |
|---|---|
| zabbix | Needs evaluation |
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users...
1 affected package
zabbix
| Package | 20.04 LTS |
|---|---|
| zabbix | Needs evaluation |
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator...
1 affected package
zabbix
| Package | 20.04 LTS |
|---|---|
| zabbix | Needs evaluation |