Search CVE reports
381 – 390 of 50428 results
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
1 affected package
memcached
| Package | 16.04 LTS |
|---|---|
| memcached | Needs evaluation |
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Not affected |
| bind9-libs | — |
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Not affected |
| bind9-libs | — |
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
4 affected packages
atril, evince, evince-gtk3, papers
| Package | 16.04 LTS |
|---|---|
| atril | — |
| evince | Needs evaluation |
| evince-gtk3 | — |
| papers | — |
[Heap OOB Read in VLAN Decapsulation memmove]
2 affected packages
lldpd, openvswitch
| Package | 16.04 LTS |
|---|---|
| lldpd | — |
| openvswitch | Needs evaluation |
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP...
1 affected package
rsync
| Package | 16.04 LTS |
|---|---|
| rsync | Needs evaluation |
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could...
1 affected package
unbound
| Package | 16.04 LTS |
|---|---|
| unbound | Needs evaluation |
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with...
1 affected package
unbound
| Package | 16.04 LTS |
|---|---|
| unbound | Needs evaluation |
[Unknown description]
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Needs evaluation |