Search CVE reports
Amplification vulnerabilities via self-pointed glue records
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Needs evaluation |
| bind9-libs | Not in release |

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading...
1 affected package
unbound
| Package | 24.04 LTS |
|---|---|
| unbound | Fixed |

BIND 9 server memory exhaustion during GSS-API TKEY negotiation
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Needs evaluation |
| bind9-libs | Not in release |

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns...
1 affected package
libheif
| Package | 24.04 LTS |
|---|---|
| libheif | Needs evaluation |

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of...
1 affected package
libheif
| Package | 24.04 LTS |
|---|---|
| libheif | Needs evaluation |

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object...
1 affected package
ruby-faraday
| Package | 24.04 LTS |
|---|---|
| ruby-faraday | Needs evaluation |

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor...
1 affected package
libheif
| Package | 24.04 LTS |
|---|---|
| libheif | Needs evaluation |

The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function allows for arbitrary class...
1 affected package
apscheduler
| Package | 24.04 LTS |
|---|---|
| apscheduler | Needs evaluation |

NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation...
1 affected package
libnginx-mod-js
| Package | 24.04 LTS |
|---|---|
| libnginx-mod-js | Needs evaluation |

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Ignored |
| mozjs115 | Ignored |