Search CVE reports



131 – 140 of 26524 results

Status is adjusted based on your filters.


CVE-2026-42246

Medium priority
Needs evaluation

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully",...

7 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...

Package 26.04 LTS
ruby2.3 Not in release
ruby2.5 Not in release
ruby2.7 Not in release
ruby3.0 Not in release
ruby3.2 Not in release
ruby3.3 Needs evaluation
jruby Needs evaluation

CVE-2026-42245

Medium priority
Needs evaluation

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses...

7 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...

Package 26.04 LTS
ruby2.3 Not in release
ruby2.5 Not in release
ruby2.7 Not in release
ruby3.0 Not in release
ruby3.2 Not in release
ruby3.3 Needs evaluation
jruby Needs evaluation

CVE-2026-42310

Medium priority
Needs evaluation

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS
pillow Needs evaluation
pillow-python2 Not in release

CVE-2026-42309

Medium priority
Needs evaluation

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS
pillow Needs evaluation
pillow-python2 Not in release

CVE-2026-42308

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, Pillow's tracking of the current position may lead to an integer overflow. This issue has been...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS
pillow Needs evaluation
pillow-python2 Not in release

CVE-2026-6667

Medium priority
Needs evaluation

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It...

1 affected package

pgbouncer

Package 26.04 LTS
pgbouncer Needs evaluation

CVE-2026-6666

Medium priority
Needs evaluation

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

1 affected package

pgbouncer

Package 26.04 LTS
pgbouncer Needs evaluation

CVE-2026-6665

Medium priority
Needs evaluation

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long...

1 affected package

pgbouncer

Package 26.04 LTS
pgbouncer Needs evaluation

CVE-2026-6664

Medium priority
Needs evaluation

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

1 affected package

pgbouncer

Package 26.04 LTS
pgbouncer Needs evaluation

CVE-2026-45130

Medium priority
Needs evaluation

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active....

1 affected package

vim

Package 26.04 LTS
vim Needs evaluation