Search CVE reports
151 – 160 of 27818 results
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 26.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Not in release |
| freerdp3 | Needs evaluation |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 26.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Not in release |
| freerdp3 | Needs evaluation |
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.
1 affected package
golang-golang-x-image
| Package | 26.04 LTS |
|---|---|
| golang-golang-x-image | Needs evaluation |
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh...
2 affected packages
golang-github-cli-go-gh, golang-github-cli-go-gh-v2
| Package | 26.04 LTS |
|---|---|
| golang-github-cli-go-gh | Needs evaluation |
| golang-github-cli-go-gh-v2 | Needs evaluation |
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram...
1 affected package
node-mermaid
| Package | 26.04 LTS |
|---|---|
| node-mermaid | Not in release |
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes...
1 affected package
node-mermaid
| Package | 26.04 LTS |
|---|---|
| node-mermaid | Not in release |
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
1 affected package
exim4
| Package | 26.04 LTS |
|---|---|
| exim4 | Fixed |
A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when...
2 affected packages
libsoup2.4, libsoup3
| Package | 26.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | Needs evaluation |
[Unknown description]
1 affected package
php-guzzlehttp-psr7
| Package | 26.04 LTS |
|---|---|
| php-guzzlehttp-psr7 | Needs evaluation |
[Unknown description]
1 affected package
php-guzzlehttp-psr7
| Package | 26.04 LTS |
|---|---|
| php-guzzlehttp-psr7 | Needs evaluation |