Search CVE reports
81 – 90 of 39594 results
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.
1 affected package
civicrm
| Package | 18.04 LTS |
|---|---|
| civicrm | Needs evaluation |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential...
1 affected package
python-django
| Package | 18.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the...
1 affected package
python-django
| Package | 18.04 LTS |
|---|---|
| python-django | Not affected |
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
1 affected package
liblivemedia
| Package | 18.04 LTS |
|---|---|
| liblivemedia | Needs evaluation |
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 18.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | Needs evaluation |
| python3.7 | Needs evaluation |
| python3.8 | Needs evaluation |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory,...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 18.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | Needs evaluation |
| python3.7 | Needs evaluation |
| python3.8 | Needs evaluation |
| python3.9 | — |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
1 affected package
liblivemedia
| Package | 18.04 LTS |
|---|---|
| liblivemedia | Needs evaluation |
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
1 affected package
liblivemedia
| Package | 18.04 LTS |
|---|---|
| liblivemedia | Needs evaluation |
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
1 affected package
liblivemedia
| Package | 18.04 LTS |
|---|---|
| liblivemedia | Needs evaluation |
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
1 affected package
liblivemedia
| Package | 18.04 LTS |
|---|---|
| liblivemedia | Needs evaluation |