Search CVE reports
71 – 80 of 42015 results
CRLF injection in soup_message_headers_set_content_type()
2 affected packages
libsoup2.4, libsoup3
| Package | 18.04 LTS |
|---|---|
| libsoup2.4 | Vulnerable |
| libsoup3 | — |
CRLF injection in soup_message_new() when method is user provided
2 affected packages
libsoup2.4, libsoup3
| Package | 18.04 LTS |
|---|---|
| libsoup2.4 | Vulnerable |
| libsoup3 | — |
CRLF injection in hostname leading to request smuggling via URL
2 affected packages
libsoup2.4, libsoup3
| Package | 18.04 LTS |
|---|---|
| libsoup2.4 | Vulnerable |
| libsoup3 | — |
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing...
1 affected package
libssh
| Package | 18.04 LTS |
|---|---|
| libssh | Vulnerable |
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 18.04 LTS |
|---|---|
| libpng | — |
| libpng1.6 | Not affected |
| firefox | — |
| thunderbird | — |
| chromium-browser | — |
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic...
1 affected package
dropbear
| Package | 18.04 LTS |
|---|---|
| dropbear | Needs evaluation |
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which...
1 affected package
node-tar
| Package | 18.04 LTS |
|---|---|
| node-tar | Needs evaluation |
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration...
1 affected package
zookeeper
| Package | 18.04 LTS |
|---|---|
| zookeeper | Needs evaluation |
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...
1 affected package
zookeeper
| Package | 18.04 LTS |
|---|---|
| zookeeper | Needs evaluation |
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of...
1 affected package
dpkg
| Package | 18.04 LTS |
|---|---|
| dpkg | Needs evaluation |