Search CVE reports
71 – 80 of 37304 results
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 22.04 LTS |
|---|---|
| libpng | Not in release |
| libpng1.6 | Needs evaluation |
| firefox | Not affected |
| thunderbird | Not affected |
| chromium-browser | Not affected |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions...
1 affected package
etcd
| Package | 22.04 LTS |
|---|---|
| etcd | Needs evaluation |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass...
1 affected package
etcd
| Package | 22.04 LTS |
|---|---|
| etcd | Needs evaluation |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar...
1 affected package
calibre
| Package | 22.04 LTS |
|---|---|
| calibre | Needs evaluation |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's...
1 affected package
calibre
| Package | 22.04 LTS |
|---|---|
| calibre | Needs evaluation |
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
1 affected package
golang-github-antchfx-xpath
| Package | 22.04 LTS |
|---|---|
| golang-github-antchfx-xpath | Needs evaluation |
Not in release
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
1 affected package
golang-github-jackc-pgproto3
| Package | 22.04 LTS |
|---|---|
| golang-github-jackc-pgproto3 | Not in release |
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
1 affected package
golang-github-buger-jsonparser
| Package | 22.04 LTS |
|---|---|
| golang-github-buger-jsonparser | Needs evaluation |
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 22.04 LTS |
|---|---|
| webkitgtk | Not in release |
| webkit2gtk | Vulnerable |
| qtwebkit-source | Not in release |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Ignored |
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 22.04 LTS |
|---|---|
| webkitgtk | Not in release |
| webkit2gtk | Vulnerable |
| qtwebkit-source | Not in release |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Ignored |