Search CVE reports
721 – 730 of 50662 results
Not in release
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable...
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 16.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
| dotnet10 | Not in release |
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts...
1 affected package
wireshark
| Package | 16.04 LTS |
|---|---|
| wireshark | Ignored |
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header,...
1 affected package
libhttp-tiny-perl
| Package | 16.04 LTS |
|---|---|
| libhttp-tiny-perl | Ignored |
libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by...
1 affected package
libcaca
| Package | 16.04 LTS |
|---|---|
| libcaca | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and...
1 affected package
imagemagick
| Package | 16.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 16.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | Needs evaluation |
| python3.6 | — |
| python3.7 | — |
| python3.8 | — |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.
1 affected package
jq
| Package | 16.04 LTS |
|---|---|
| jq | Ignored |
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachable through the * operator when...
1 affected package
jq
| Package | 16.04 LTS |
|---|---|
| jq | Ignored |
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This...
1 affected package
jq
| Package | 16.04 LTS |
|---|---|
| jq | Ignored |
jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic. The wrapped negative value...
1 affected package
jq
| Package | 16.04 LTS |
|---|---|
| jq | Ignored |