Search CVE reports
331 – 340 of 35526 results
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode...
1 affected package
cbor2
| Package | 22.04 LTS |
|---|---|
| cbor2 | Needs evaluation |
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
1 affected package
libpcap
| Package | 22.04 LTS |
|---|---|
| libpcap | Not affected |
pcap_ether_aton() is an auxiliary function in libpcap; it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this...
1 affected package
libpcap
| Package | 22.04 LTS |
|---|---|
| libpcap | Needs evaluation |
Rejected reason: This candidate is a duplicate of CVE-2017-11359.
1 affected package
sox
| Package | 22.04 LTS |
|---|---|
| sox | Not affected |
URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 22.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Needs evaluation |
| ruby3.2 | Not in release |
| ruby3.3 | Not in release |
| jruby | Not in release |
WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a...
1 affected package
wasmedge
| Package | 22.04 LTS |
|---|---|
| wasmedge | Not in release |
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads...
1 affected package
libmatio
| Package | 22.04 LTS |
|---|---|
| libmatio | Vulnerable |
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.
1 affected package
unrtf
| Package | 22.04 LTS |
|---|---|
| unrtf | Needs evaluation |
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.
1 affected package
recutils
| Package | 22.04 LTS |
|---|---|
| recutils | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow....
1 affected package
imagemagick
| Package | 22.04 LTS |
|---|---|
| imagemagick | Needs evaluation |