Search CVE reports
41 – 50 of 36050 results
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Needs evaluation |
| firefox | Not affected |
| thunderbird | Not affected |
| chromium-browser | Not affected |
Not in release
The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation...
1 affected package
mongodb
| Package | 22.04 LTS |
|---|---|
| mongodb | Not in release |
Not in release
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
1 affected package
mongodb
| Package | 22.04 LTS |
|---|---|
| mongodb | Not in release |
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot...
2 affected packages
kanboard-cli, python-kanboard
| Package | 22.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application...
2 affected packages
kanboard-cli, python-kanboard
| Package | 22.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only...
1 affected package
lrzip
| Package | 22.04 LTS |
|---|---|
| lrzip | Needs evaluation |
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has...
1 affected package
lrzip
| Package | 22.04 LTS |
|---|---|
| lrzip | Needs evaluation |
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local...
1 affected package
mupdf
| Package | 22.04 LTS |
|---|---|
| mupdf | Ignored |
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7,...
1 affected package
shiro
| Package | 22.04 LTS |
|---|---|
| shiro | Needs evaluation |
Some fixes available 1 of 3
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 22.04 LTS |
|---|---|
| dotnet6 | Needs evaluation |
| dotnet7 | Ignored |
| dotnet8 | Fixed |
| dotnet9 | Not in release |
| dotnet10 | Not in release |