Search CVE reports
581 – 590 of 35777 results
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes...
1 affected package
libsodium
| Package | 22.04 LTS |
|---|---|
| libsodium | Fixed |
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode...
1 affected package
cbor2
| Package | 22.04 LTS |
|---|---|
| cbor2 | Needs evaluation |
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
1 affected package
libpcap
| Package | 22.04 LTS |
|---|---|
| libpcap | Not affected |
pcap_ether_aton() is an auxiliary function in libpcap; it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this...
1 affected package
libpcap
| Package | 22.04 LTS |
|---|---|
| libpcap | Needs evaluation |
Rejected reason: This candidate is a duplicate of CVE-2017-11359.
1 affected package
sox
| Package | 22.04 LTS |
|---|---|
| sox | Not affected |
URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the `+` operator...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 22.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Needs evaluation |
| ruby3.2 | Not in release |
| ruby3.3 | Not in release |
| jruby | Not in release |
WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a...
1 affected package
wasmedge
| Package | 22.04 LTS |
|---|---|
| wasmedge | Not in release |
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads...
1 affected package
libmatio
| Package | 22.04 LTS |
|---|---|
| libmatio | Vulnerable |
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.
1 affected package
unrtf
| Package | 22.04 LTS |
|---|---|
| unrtf | Needs evaluation |
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.
1 affected package
recutils
| Package | 22.04 LTS |
|---|---|
| recutils | Needs evaluation |