Search CVE reports
81 – 90 of 30357 results
[Unknown description]
1 affected package
openvpn
| Package | 26.04 LTS |
|---|---|
| openvpn | Needs evaluation |
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown...
1 affected package
libreswan
| Package | 26.04 LTS |
|---|---|
| libreswan | Needs evaluation |
security update
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Not in release |
| php8.4 | Not in release |
| php8.5 | Needs evaluation |
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily...
1 affected package
open62541
| Package | 26.04 LTS |
|---|---|
| open62541 | Needs evaluation |
[Unknown description]
1 affected package
openvpn
| Package | 26.04 LTS |
|---|---|
| openvpn | Needs evaluation |
Not in release
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document (into a text element) without HTML or XML escaping, and...
1 affected package
netdata
| Package | 26.04 LTS |
|---|---|
| netdata | Not in release |
Not in release
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix...
1 affected package
php-horde-imp
| Package | 26.04 LTS |
|---|---|
| php-horde-imp | Not in release |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
1 affected package
mediawiki
| Package | 26.04 LTS |
|---|---|
| mediawiki | Needs evaluation |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
1 affected package
mediawiki
| Package | 26.04 LTS |
|---|---|
| mediawiki | Needs evaluation |
Not in release
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning...
1 affected package
elasticsearch
| Package | 26.04 LTS |
|---|---|
| elasticsearch | Not in release |