Search CVE reports
481 – 490 of 35777 results
[qemu: Heap off-by-one in KVM Xen PHYSDEVOP_map_pirq]
1 affected package
qemu
| Package | 22.04 LTS |
|---|---|
| qemu | Not affected |
Some fixes available 1 of 2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Fixed |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
Some fixes available 1 of 2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Fixed |
| firefox | Not affected |
| thunderbird | Needs evaluation |
| chromium-browser | Not affected |
Not in release
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer...
1 affected package
golang-github-sigstore-fulcio
| Package | 22.04 LTS |
|---|---|
| golang-github-sigstore-fulcio | Not in release |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies...
1 affected package
cpp-httplib
| Package | 22.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause...
1 affected package
wlc
| Package | 22.04 LTS |
|---|---|
| wlc | Fixed |
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
1 affected package
wlc
| Package | 22.04 LTS |
|---|---|
| wlc | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2...
1 affected package
avahi
| Package | 22.04 LTS |
|---|---|
| avahi | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource...
1 affected package
avahi
| Package | 22.04 LTS |
|---|---|
| avahi | Fixed |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record...
1 affected package
avahi
| Package | 22.04 LTS |
|---|---|
| avahi | Fixed |