Search CVE reports
1741 – 1750 of 60355 results
Some fixes available 6 of 8
In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres...
7 affected packages
php8.1, php5, php7.0, php7.2, php7.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php8.1 | Not in release | Fixed | — | — |
php5 | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | — | — |
php7.2 | Not in release | Not in release | — | Fixed |
php7.4 | Not in release | Not in release | Fixed | — |
php8.3 | Fixed | Not in release | — | — |
php8.4 | Not in release | Not in release | — | — |
Some fixes available 6 of 8
In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other...
7 affected packages
php8.4, php5, php7.0, php7.2, php7.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php8.4 | Not in release | Not in release | — | — |
php5 | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | — | — |
php7.2 | Not in release | Not in release | — | Fixed |
php7.4 | Not in release | Not in release | Fixed | — |
php8.1 | Not in release | Fixed | — | — |
php8.3 | Fixed | Not in release | — | — |
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It...
1 affected package
binutils
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
binutils | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 1 of 7
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking...
1 affected package
binutils
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
binutils | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 6 of 8
In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
php5 | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | — | — |
php7.2 | Not in release | Not in release | — | Fixed |
php7.4 | Not in release | Not in release | Fixed | — |
php8.1 | Not in release | Fixed | — | — |
php8.3 | Fixed | Not in release | — | — |
php8.4 | Not in release | Not in release | — | — |
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
1 affected package
roundup
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
roundup | Not in release | Not in release | — | — |
A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the...
1 affected package
gobgp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
gobgp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 6
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New...
1 affected package
ghostscript
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ghostscript | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 6 of 13
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet...
8 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | — | — |
ruby2.5 | Not in release | Not in release | — | Fixed |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | — | — |
ruby3.2 | Fixed | Not in release | — | — |
ruby3.3 | Not in release | Not in release | — | — |
jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
rubygems | Not affected | Not affected | — | — |
Not in release
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during...
1 affected package
multipass
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
multipass | Not in release | Not in release | — | — |