Search CVE reports
91 – 100 of 33063 results
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception...
1 affected package
rails
| Package | 24.04 LTS |
|---|---|
| rails | Needs evaluation |
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary...
1 affected package
node-socket.io-parser
| Package | 24.04 LTS |
|---|---|
| node-socket.io-parser | Needs evaluation |
Not in release
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past...
1 affected package
pjproject
| Package | 24.04 LTS |
|---|---|
| pjproject | Not in release |
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and...
1 affected package
node-webfont
| Package | 24.04 LTS |
|---|---|
| node-webfont | Needs evaluation |
Not in release
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's...
1 affected package
pjproject
| Package | 24.04 LTS |
|---|---|
| pjproject | Not in release |
Not in release
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between...
1 affected package
pjproject
| Package | 24.04 LTS |
|---|---|
| pjproject | Not in release |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of...
6 affected packages
libvncserver, vino, x11vnc, veyon, italc, tightvnc
| Package | 24.04 LTS |
|---|---|
| libvncserver | Needs evaluation |
| vino | Needs evaluation |
| x11vnc | Needs evaluation |
| veyon | Needs evaluation |
| italc | Not in release |
| tightvnc | Needs evaluation |
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application...
6 affected packages
veyon, libvncserver, vino, x11vnc, italc, tightvnc
| Package | 24.04 LTS |
|---|---|
| veyon | Needs evaluation |
| libvncserver | Needs evaluation |
| vino | Needs evaluation |
| x11vnc | Needs evaluation |
| italc | Not in release |
| tightvnc | Needs evaluation |
[Unknown description]
2 affected packages
squid, squid3
| Package | 24.04 LTS |
|---|---|
| squid | Needs evaluation |
| squid3 | Not in release |
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the...
1 affected package
pydicom
| Package | 24.04 LTS |
|---|---|
| pydicom | Needs evaluation |