Search CVE reports
16461 – 16470 of 48196 results
Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * ...
1 affected package
couchdb
| Package | 16.04 LTS |
|---|---|
| couchdb | Needs evaluation |
Some fixes available 1 of 2
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
11 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 16.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Fixed |
| xwayland | Not in release |
| xorg-server-hwe-16.04 | Needs evaluation |
| xorg-server-hwe-18.04 | Not in release |
| xorg-hwe-16.04 | Not affected |
| xorg-hwe-18.04 | Not in release |
| xorg-server-lts-utopic | Not in release |
| xorg-server-lts-vivid | Not in release |
| xorg-server-lts-wily | Not in release |
| xorg-server-lts-xenial | Not in release |
Some fixes available 1 of 2
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote...
11 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 16.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Fixed |
| xwayland | Not in release |
| xorg-server-hwe-16.04 | Needs evaluation |
| xorg-server-hwe-18.04 | Not in release |
| xorg-hwe-16.04 | Not affected |
| xorg-hwe-18.04 | Not in release |
| xorg-server-lts-utopic | Not in release |
| xorg-server-lts-vivid | Not in release |
| xorg-server-lts-wily | Not in release |
| xorg-server-lts-xenial | Not in release |
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote...
1 affected package
gnome-control-center
| Package | 16.04 LTS |
|---|---|
| gnome-control-center | Needs evaluation |
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to...
2 affected packages
ansible, ansible-core
| Package | 16.04 LTS |
|---|---|
| ansible | Fixed |
| ansible-core | Not in release |
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection...
1 affected package
undertow
| Package | 16.04 LTS |
|---|---|
| undertow | Needs evaluation |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by...
1 affected package
h2o
| Package | 16.04 LTS |
|---|---|
| h2o | Ignored |
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through...
1 affected package
nss
| Package | 16.04 LTS |
|---|---|
| nss | Vulnerable |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.
5 affected packages
wpewebkit, webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src
| Package | 16.04 LTS |
|---|---|
| wpewebkit | Ignored |
| webkitgtk | Ignored |
| webkit2gtk | Ignored |
| qtwebkit-source | Ignored |
| qtwebkit-opensource-src | Ignored |
ncurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
1 affected package
ncurses
| Package | 16.04 LTS |
|---|---|
| ncurses | Fixed |