Search CVE reports
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a...
8 affected packages
php8.5, php8.1, php8.3, php8.4, php5...
| Package | 16.04 LTS |
|---|---|
| php8.5 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Ignored |
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Ignored |
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.
1 affected package
kdenlive
| Package | 16.04 LTS |
|---|---|
| kdenlive | Ignored |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 16.04 LTS |
|---|---|
| ruby2.3 | Needs evaluation |
| ruby2.5 | — |
| ruby2.7 | — |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Ignored |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 16.04 LTS |
|---|---|
| ruby2.5 | — |
| ruby2.3 | Needs evaluation |
| ruby2.7 | — |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Ignored |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 16.04 LTS |
|---|---|
| ruby2.3 | Needs evaluation |
| ruby2.5 | — |
| ruby2.7 | — |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Ignored |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully",...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 16.04 LTS |
|---|---|
| ruby2.5 | — |
| ruby2.3 | Needs evaluation |
| ruby2.7 | — |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Ignored |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses...
7 affected packages
ruby2.5, ruby2.3, ruby2.7, ruby3.0, ruby3.2...
| Package | 16.04 LTS |
|---|---|
| ruby2.5 | — |
| ruby2.3 | Needs evaluation |
| ruby2.7 | — |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Ignored |
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been...
2 affected packages
pillow, pillow-python2
| Package | 16.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | — |