Search CVE reports
161 – 170 of 30617 results
CVE-2024-40658
Medium priorityIn getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User...
2 affected packages
android-platform-frameworks-native, android-platform-tools
Package | 18.04 LTS |
---|---|
android-platform-frameworks-native | Not affected |
android-platform-tools | — |
CVE-2024-8096
Medium priorityWhen curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the...
1 affected packages
curl
Package | 18.04 LTS |
---|---|
curl | Needs evaluation |
CVE-2024-45409
Medium priorityThe Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to...
1 affected packages
ruby-saml
Package | 18.04 LTS |
---|---|
ruby-saml | Needs evaluation |
CVE-2024-45590
Medium prioritybody-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of...
1 affected packages
node-body-parser
Package | 18.04 LTS |
---|---|
node-body-parser | Needs evaluation |
CVE-2024-43800
Medium priorityserve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
1 affected packages
node-serve-static
Package | 18.04 LTS |
---|---|
node-serve-static | Needs evaluation |
CVE-2024-43799
Medium prioritySend is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
1 affected packages
node-send
Package | 18.04 LTS |
---|---|
node-send | Needs evaluation |
CVE-2024-43796
Medium priorityExpress.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
1 affected packages
node-express
Package | 18.04 LTS |
---|---|
node-express | Needs evaluation |
CVE-2024-8654
Medium priorityMongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.
1 affected packages
mongodb
Package | 18.04 LTS |
---|---|
mongodb | Needs evaluation |
CVE-2024-8443
Medium priorityA heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may...
1 affected packages
opensc
Package | 18.04 LTS |
---|---|
opensc | Needs evaluation |
CVE-2024-8645
Low prioritySPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
1 affected packages
wireshark
Package | 18.04 LTS |
---|---|
wireshark | Needs evaluation |