Search CVE reports
641 – 650 of 28311 results
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash....
1 affected package
cpp-httplib
| Package | 26.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000},...
1 affected package
node-brace-expansion
| Package | 26.04 LTS |
|---|---|
| node-brace-expansion | Needs evaluation |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 26.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Not in release |
| freerdp3 | Needs evaluation |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 26.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Not in release |
| freerdp3 | Needs evaluation |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 26.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Not in release |
| freerdp3 | Needs evaluation |
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.
1 affected package
golang-golang-x-image
| Package | 26.04 LTS |
|---|---|
| golang-golang-x-image | Needs evaluation |
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh...
2 affected packages
golang-github-cli-go-gh, golang-github-cli-go-gh-v2
| Package | 26.04 LTS |
|---|---|
| golang-github-cli-go-gh | Needs evaluation |
| golang-github-cli-go-gh-v2 | Needs evaluation |
Not in release
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram...
1 affected package
node-mermaid
| Package | 26.04 LTS |
|---|---|
| node-mermaid | Not in release |
Not in release
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes...
1 affected package
node-mermaid
| Package | 26.04 LTS |
|---|---|
| node-mermaid | Not in release |
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
1 affected package
exim4
| Package | 26.04 LTS |
|---|---|
| exim4 | Fixed |