Search CVE reports
81 – 90 of 40932 results
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash....
1 affected package
cpp-httplib
| Package | 22.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000},...
1 affected package
node-brace-expansion
| Package | 22.04 LTS |
|---|---|
| node-brace-expansion | Needs evaluation |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 22.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Needs evaluation |
| freerdp3 | Not in release |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 22.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Needs evaluation |
| freerdp3 | Not in release |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 22.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Needs evaluation |
| freerdp3 | Not in release |
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.
1 affected package
golang-golang-x-image
| Package | 22.04 LTS |
|---|---|
| golang-golang-x-image | Needs evaluation |
Not in release
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh...
2 affected packages
golang-github-cli-go-gh, golang-github-cli-go-gh-v2
| Package | 22.04 LTS |
|---|---|
| golang-github-cli-go-gh | Not in release |
| golang-github-cli-go-gh-v2 | Not in release |
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram...
1 affected package
node-mermaid
| Package | 22.04 LTS |
|---|---|
| node-mermaid | Needs evaluation |
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes...
1 affected package
node-mermaid
| Package | 22.04 LTS |
|---|---|
| node-mermaid | Needs evaluation |
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
1 affected package
exim4
| Package | 22.04 LTS |
|---|---|
| exim4 | Fixed |