Search CVE reports
71 – 80 of 47037 results
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by...
1 affected package
undertow
| Package | 16.04 LTS |
|---|---|
| undertow | Needs evaluation |
Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script code through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to...
1 affected package
icingaweb2
| Package | 16.04 LTS |
|---|---|
| icingaweb2 | Needs evaluation |
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a...
1 affected package
codeblocks
| Package | 16.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into...
1 affected package
codeblocks
| Package | 16.04 LTS |
|---|---|
| codeblocks | Needs evaluation |
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and...
1 affected package
dolibarr
| Package | 16.04 LTS |
|---|---|
| dolibarr | Needs evaluation |
(In libexpat before 2.7.4, the doContent function does not properly det ...)
23 affected packages
expat, coin3, apache2, apr-util, cmake...
| Package | 16.04 LTS |
|---|---|
| expat | Needs evaluation |
| coin3 | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Needs evaluation |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Needs evaluation |
| ayttm | Needs evaluation |
| cableswig | Needs evaluation |
| matanza | Needs evaluation |
| tdom | Needs evaluation |
| vtk | Needs evaluation |
| smart | Needs evaluation |
| firefox | — |
| thunderbird | — |
| libxmltok | Needs evaluation |
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from...
1 affected package
alsa-lib
| Package | 16.04 LTS |
|---|---|
| alsa-lib | Needs evaluation |
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab...
1 affected package
gradle
| Package | 16.04 LTS |
|---|---|
| gradle | Needs evaluation |
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a...
1 affected package
tcpflow
| Package | 16.04 LTS |
|---|---|
| tcpflow | Needs evaluation |
[Unknown description]
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 16.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | — |
| freerdp3 | — |