Search CVE reports
16241 – 16250 of 44107 results
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names....
1 affected package
uimaj
Package | 16.04 LTS |
---|---|
uimaj | Needs evaluation |
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
1 affected package
alpine
Package | 16.04 LTS |
---|---|
alpine | Fixed |
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible...
1 affected package
gitlab
Package | 16.04 LTS |
---|---|
gitlab | Ignored |
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to...
1 affected package
node-xmldom
Package | 16.04 LTS |
---|---|
node-xmldom | Ignored |
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked...
12 affected packages
golang-1.20, golang-1.13, golang-1.19, golang-1.18, golang...
Package | 16.04 LTS |
---|---|
golang-1.20 | Ignored |
golang-1.13 | Needs evaluation |
golang-1.19 | Ignored |
golang-1.18 | Needs evaluation |
golang | Ignored |
golang-1.10 | Needs evaluation |
golang-1.14 | Not in release |
golang-1.16 | Ignored |
golang-1.17 | Ignored |
golang-1.6 | Needs evaluation |
golang-1.8 | Not in release |
golang-1.9 | Not in release |
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with...
1 affected package
sudo
Package | 16.04 LTS |
---|---|
sudo | Not affected |
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
1 affected package
gpac
Package | 16.04 LTS |
---|---|
gpac | Needs evaluation |
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
1 affected package
gpac
Package | 16.04 LTS |
---|---|
gpac | Needs evaluation |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
1 affected package
libde265
Package | 16.04 LTS |
---|---|
libde265 | Fixed |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
1 affected package
libde265
Package | 16.04 LTS |
---|---|
libde265 | Fixed |