Search CVE reports
131 – 140 of 51633 results
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or...
12 affected packages
mailcap, openjdk-8, openjdk-9, openjdk-lts, openjdk-13...
| Package | 16.04 LTS |
|---|---|
| mailcap | — |
| openjdk-8 | Not affected |
| openjdk-9 | — |
| openjdk-lts | — |
| openjdk-13 | — |
| openjdk-16 | — |
| openjdk-17 | — |
| openjdk-17-crac | — |
| openjdk-18 | — |
| openjdk-21 | — |
| openjdk-21-crac | — |
| openjdk-25 | — |
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
2 affected packages
sqlite, sqlite3
| Package | 16.04 LTS |
|---|---|
| sqlite | — |
| sqlite3 | Needs evaluation |
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service....
2 affected packages
sqlite, sqlite3
| Package | 16.04 LTS |
|---|---|
| sqlite | — |
| sqlite3 | Needs evaluation |
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | — |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | — |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")'...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 16.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | Needs evaluation |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | Needs evaluation |
| golang-1.13 | — |
| golang-1.14 | — |
| golang-1.16 | — |
| golang-1.17 | — |
| golang-1.18 | — |
| golang-1.20 | — |
| golang-1.21 | — |
| golang-1.22 | — |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff...
2 affected packages
u-boot, u-boot-nezha
| Package | 16.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | — |
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet...
2 affected packages
u-boot, u-boot-nezha
| Package | 16.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | — |
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious...
2 affected packages
u-boot, u-boot-nezha
| Package | 16.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | — |
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT...
1 affected package
imagemagick
| Package | 16.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk...
1 affected package
imagemagick
| Package | 16.04 LTS |
|---|---|
| imagemagick | Needs evaluation |