Search CVE reports
181 – 190 of 39796 results
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The...
1 affected package
coturn
| Package | 24.04 LTS |
|---|---|
| coturn | Needs evaluation |
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s...
1 affected package
wget
| Package | 24.04 LTS |
|---|---|
| wget | Needs evaluation |
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config...
1 affected package
apprise
| Package | 24.04 LTS |
|---|---|
| apprise | Needs evaluation |
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built...
1 affected package
cpp-httplib
| Package | 24.04 LTS |
|---|---|
| cpp-httplib | Needs evaluation |
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause...
1 affected package
imagemagick
| Package | 24.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial...
1 affected package
imagemagick
| Package | 24.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes...
1 affected package
mtr
| Package | 24.04 LTS |
|---|---|
| mtr | Needs evaluation |
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.
1 affected package
ironic
| Package | 24.04 LTS |
|---|---|
| ironic | Needs evaluation |
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
1 affected package
ironic
| Package | 24.04 LTS |
|---|---|
| ironic | Needs evaluation |
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a...
1 affected package
vim
| Package | 24.04 LTS |
|---|---|
| vim | Fixed |