Search CVE reports
101 – 110 of 50028 results
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.
1 affected package
dnsmasq
| Package | 16.04 LTS |
|---|---|
| dnsmasq | Fixed |
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task...
1 affected package
elasticsearch
| Package | 16.04 LTS |
|---|---|
| elasticsearch | Ignored |
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in...
157 affected packages
linux, linux-aws, linux-aws-5.15, linux-aws-5.4, linux-aws-hwe...
| Package | 16.04 LTS |
|---|---|
| linux | Needs evaluation |
| linux-aws | Needs evaluation |
| linux-aws-5.15 | Not in release |
| linux-aws-5.4 | Not in release |
| linux-aws-hwe | Needs evaluation |
| linux-azure | Needs evaluation |
| linux-azure-4.15 | Not in release |
| linux-azure-5.15 | Not in release |
| linux-azure-5.4 | Not in release |
| linux-azure-fde-5.15 | Not in release |
| linux-bluefield | Not in release |
| linux-gcp | Needs evaluation |
| linux-gcp-4.15 | Not in release |
| linux-gcp-5.15 | Not in release |
| linux-gcp-5.4 | Not in release |
| linux-hwe | Needs evaluation |
| linux-hwe-5.15 | Not in release |
| linux-hwe-5.4 | Not in release |
| linux-ibm | Not in release |
| linux-ibm-5.15 | Not in release |
| linux-ibm-5.4 | Not in release |
| linux-intel-iotg-5.15 | Not in release |
| linux-iot | Not in release |
| linux-kvm | Needs evaluation |
| linux-lowlatency-hwe-5.15 | Not in release |
| linux-lts-xenial | Not in release |
| linux-nvidia-tegra-5.15 | Not in release |
| linux-oracle | Needs evaluation |
| linux-oracle-5.15 | Not in release |
| linux-oracle-5.4 | Not in release |
| linux-raspi | Not in release |
| linux-raspi-5.4 | Not in release |
| linux-riscv-5.15 | Not in release |
| linux-hwe-5.8 | Not in release |
| linux-hwe-5.11 | Not in release |
| linux-hwe-5.13 | Not in release |
| linux-hwe-5.19 | Not in release |
| linux-hwe-6.2 | Not in release |
| linux-hwe-6.5 | Not in release |
| linux-hwe-6.8 | Not in release |
| linux-hwe-6.11 | Not in release |
| linux-hwe-6.14 | Not in release |
| linux-hwe-6.17 | Not in release |
| linux-hwe-edge | Ignored |
| linux-allwinner-5.19 | Not in release |
| linux-aws-5.0 | Not in release |
| linux-aws-5.3 | Not in release |
| linux-aws-5.8 | Not in release |
| linux-aws-5.11 | Not in release |
| linux-aws-5.13 | Not in release |
| linux-aws-5.19 | Not in release |
| linux-aws-6.2 | Not in release |
| linux-aws-6.5 | Not in release |
| linux-aws-6.8 | Not in release |
| linux-aws-6.14 | Not in release |
| linux-aws-6.17 | Not in release |
| linux-azure-5.3 | Not in release |
| linux-azure-5.8 | Not in release |
| linux-azure-5.11 | Not in release |
| linux-azure-5.13 | Not in release |
| linux-azure-5.19 | Not in release |
| linux-azure-6.2 | Not in release |
| linux-azure-6.5 | Not in release |
| linux-azure-6.8 | Not in release |
| linux-azure-6.11 | Not in release |
| linux-azure-6.14 | Not in release |
| linux-azure-6.17 | Not in release |
| linux-azure-fde | Not in release |
| linux-azure-fde-5.19 | Not in release |
| linux-azure-fde-6.2 | Not in release |
| linux-azure-fde-6.8 | Not in release |
| linux-azure-fde-6.14 | Not in release |
| linux-azure-fde-6.17 | Not in release |
| linux-azure-nvidia | Not in release |
| linux-azure-nvidia-6.14 | Not in release |
| linux-azure-edge | Not in release |
| linux-fips | Not in release |
| linux-aws-fips | Not in release |
| linux-azure-fips | Not in release |
| linux-gcp-fips | Not in release |
| linux-gcp-5.3 | Not in release |
| linux-gcp-5.8 | Not in release |
| linux-gcp-5.11 | Not in release |
| linux-gcp-5.13 | Not in release |
| linux-gcp-5.19 | Not in release |
| linux-gcp-6.2 | Not in release |
| linux-gcp-6.5 | Not in release |
| linux-gcp-6.8 | Not in release |
| linux-gcp-6.11 | Not in release |
| linux-gcp-6.14 | Not in release |
| linux-gcp-6.17 | Not in release |
| linux-gke | Ignored |
| linux-gke-4.15 | Not in release |
| linux-gke-5.4 | Not in release |
| linux-gke-5.15 | Not in release |
| linux-gkeop | Not in release |
| linux-gkeop-5.4 | Not in release |
| linux-gkeop-5.15 | Not in release |
| linux-ibm-6.8 | Not in release |
| linux-intel-5.13 | Not in release |
| linux-intel-iotg | Not in release |
| linux-intel-iot-realtime | Not in release |
| linux-lowlatency | Not in release |
| linux-lowlatency-hwe-5.19 | Not in release |
| linux-lowlatency-hwe-6.2 | Not in release |
| linux-lowlatency-hwe-6.5 | Not in release |
| linux-lowlatency-hwe-6.8 | Not in release |
| linux-lowlatency-hwe-6.11 | Not in release |
| linux-nvidia | Not in release |
| linux-nvidia-6.2 | Not in release |
| linux-nvidia-6.5 | Not in release |
| linux-nvidia-6.8 | Not in release |
| linux-nvidia-6.11 | Not in release |
| linux-nvidia-lowlatency | Not in release |
| linux-nvidia-tegra | Not in release |
| linux-nvidia-tegra-igx | Not in release |
| linux-oracle-5.0 | Not in release |
| linux-oracle-5.3 | Not in release |
| linux-oracle-5.8 | Not in release |
| linux-oracle-5.11 | Not in release |
| linux-oracle-5.13 | Not in release |
| linux-oracle-6.5 | Not in release |
| linux-oracle-6.8 | Not in release |
| linux-oracle-6.14 | Not in release |
| linux-oracle-6.17 | Not in release |
| linux-oem | Ignored |
| linux-oem-5.6 | Not in release |
| linux-oem-5.10 | Not in release |
| linux-oem-5.13 | Not in release |
| linux-oem-5.14 | Not in release |
| linux-oem-5.17 | Not in release |
| linux-oem-6.0 | Not in release |
| linux-oem-6.1 | Not in release |
| linux-oem-6.5 | Not in release |
| linux-oem-6.8 | Not in release |
| linux-oem-6.11 | Not in release |
| linux-oem-6.14 | Not in release |
| linux-oem-6.17 | Not in release |
| linux-raspi2 | Ignored |
| linux-raspi-realtime | Not in release |
| linux-realtime | Not in release |
| linux-realtime-6.8 | Not in release |
| linux-realtime-6.14 | Not in release |
| linux-riscv | Not in release |
| linux-riscv-5.8 | Not in release |
| linux-riscv-5.11 | Not in release |
| linux-riscv-5.19 | Not in release |
| linux-riscv-6.5 | Not in release |
| linux-riscv-6.8 | Not in release |
| linux-riscv-6.14 | Not in release |
| linux-riscv-6.17 | Not in release |
| linux-starfive-5.19 | Not in release |
| linux-starfive-6.2 | Not in release |
| linux-starfive-6.5 | Not in release |
| linux-xilinx | Not in release |
| linux-xilinx-zynqmp | Not in release |
| linux-realtime-6.17 | Not in release |
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the...
1 affected package
moodle
| Package | 16.04 LTS |
|---|---|
| moodle | Ignored |
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
23 affected packages
ayttm, cableswig, cadaver, coin3, gdcm...
| Package | 16.04 LTS |
|---|---|
| ayttm | Ignored |
| cableswig | Ignored |
| cadaver | Ignored |
| coin3 | Ignored |
| gdcm | Ignored |
| insighttoolkit4 | Ignored |
| libxmltok | Ignored |
| matanza | Ignored |
| smart | Ignored |
| swish-e | Ignored |
| tdom | Ignored |
| vnc4 | Ignored |
| vtk | Ignored |
| wbxml2 | Ignored |
| xmlrpc-c | Ignored |
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| firefox | — |
| thunderbird | — |