Search CVE reports
11 – 20 of 42015 results
OpenSSH GSSAPI Key Exchange Pre-Authentication Uninitialized Pointer Dereference, Heap Corruption, and Privsep Boundary Violation
2 affected packages
openssh, openssh-ssh1
| Package | 18.04 LTS |
|---|---|
| openssh | Not affected |
| openssh-ssh1 | Ignored |
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack...
1 affected package
libheif
| Package | 18.04 LTS |
|---|---|
| libheif | Vulnerable |
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument...
1 affected package
libheif
| Package | 18.04 LTS |
|---|---|
| libheif | Needs evaluation |
(Calling NSS-backed functions that support caching via nscd may call th ...)
2 affected packages
glibc, eglibc
| Package | 18.04 LTS |
|---|---|
| glibc | Needs evaluation |
| eglibc | — |
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary...
1 affected package
libjs-spin.js
| Package | 18.04 LTS |
|---|---|
| libjs-spin.js | Needs evaluation |
(yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contai ...)
1 affected package
node-yauzl
| Package | 18.04 LTS |
|---|---|
| node-yauzl | Needs evaluation |
(Tornado is a Python web framework and asynchronous networking library. ...)
1 affected package
python-tornado
| Package | 18.04 LTS |
|---|---|
| python-tornado | Needs evaluation |
(ImageMagick is free and open-source software used for editing and mani ...)
1 affected package
imagemagick
| Package | 18.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints....
1 affected package
lxd
| Package | 18.04 LTS |
|---|---|
| lxd | Not affected |
(HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22. ...)
1 affected package
consul
| Package | 18.04 LTS |
|---|---|
| consul | Needs evaluation |