Search CVE reports
21 – 30 of 39691 results
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial...
1 affected package
imagemagick
| Package | 24.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate...
2 affected packages
h2o, dnsdist
| Package | 24.04 LTS |
|---|---|
| h2o | Needs evaluation |
| dnsdist | Needs evaluation |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built...
1 affected package
cpp-httplib
| Package | 24.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the...
1 affected package
coturn
| Package | 24.04 LTS |
|---|---|
| coturn | Needs evaluation |
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An...
1 affected package
coturn
| Package | 24.04 LTS |
|---|---|
| coturn | Needs evaluation |
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The...
1 affected package
coturn
| Package | 24.04 LTS |
|---|---|
| coturn | Needs evaluation |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.cc...
1 affected package
modsecurity
| Package | 24.04 LTS |
|---|---|
| modsecurity | Needs evaluation |
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks...
1 affected package
modsecurity
| Package | 24.04 LTS |
|---|---|
| modsecurity | Needs evaluation |
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version...
1 affected package
apache-log4j2
| Package | 24.04 LTS |
|---|---|
| apache-log4j2 | Needs evaluation |
(In MariaDB server version through 11.8.5, when server audit plugin is ...)
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 24.04 LTS |
|---|---|
| mariadb | Needs evaluation |
| mariadb-10.0 | Not in release |
| mariadb-10.1 | Not in release |
| mariadb-10.3 | Not in release |
| mariadb-10.6 | Not in release |