Search CVE reports
121 – 130 of 41630 results
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.
1 affected package
pjproject
| Package | 18.04 LTS |
|---|---|
| pjproject | Needs evaluation |
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
2 affected packages
pillow, pillow-python2
| Package | 18.04 LTS |
|---|---|
| pillow | Not affected |
| pillow-python2 | — |
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution...
2 affected packages
kanboard-cli, python-kanboard
| Package | 18.04 LTS |
|---|---|
| kanboard-cli | Needs evaluation |
| python-kanboard | Needs evaluation |
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit...
1 affected package
node-qs
| Package | 18.04 LTS |
|---|---|
| node-qs | Needs evaluation |
[Unknown description]
2 affected packages
libsoup2.4, libsoup3
| Package | 18.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | — |
[ICO import integer overflow bypass leads to heap buffer overflow]
1 affected package
gimp
| Package | 18.04 LTS |
|---|---|
| gimp | Needs evaluation |
[GIMP PSP File Parsing Integer Overflow Leading to Heap Corruption]
1 affected package
gimp
| Package | 18.04 LTS |
|---|---|
| gimp | Needs evaluation |
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 18.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | — |
| postgresql-10 | Not affected |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user...
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 18.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | — |
| postgresql-10 | Needs evaluation |
| postgresql-9.5 | — |
| postgresql-9.3 | — |
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
8 affected packages
postgresql-18, postgresql-17, postgresql-16, postgresql-14, postgresql-12...
| Package | 18.04 LTS |
|---|---|
| postgresql-18 | — |
| postgresql-17 | — |
| postgresql-16 | — |
| postgresql-14 | — |
| postgresql-12 | — |
| postgresql-10 | Needs evaluation |
| postgresql-9.5 | — |
| postgresql-9.3 | — |