Search CVE reports
1 – 10 of 46520 results
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests...
1 affected package
modsecurity-crs
| Package | 16.04 LTS |
|---|---|
| modsecurity-crs | Needs evaluation |
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are...
1 affected package
python-werkzeug
| Package | 16.04 LTS |
|---|---|
| python-werkzeug | Needs evaluation |
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the...
2 affected packages
libsoup2.4, libsoup3
| Package | 16.04 LTS |
|---|---|
| libsoup2.4 | Needs evaluation |
| libsoup3 | — |
OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load contains a heap buffer underflow vulnerability in the readline() function. When processing malformed input, an unsigned offset calculation can underflow a heap pointer,...
2 affected packages
openldap, lmdb
| Package | 16.04 LTS |
|---|---|
| openldap | Not affected |
| lmdb | Needs evaluation |
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using...
4 affected packages
zlib, rsync, klibc, zsync
| Package | 16.04 LTS |
|---|---|
| zlib | Not affected |
| rsync | Vulnerable |
| klibc | Needs evaluation |
| zsync | Needs evaluation |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at...
2 affected packages
python-urllib3, python-pip
| Package | 16.04 LTS |
|---|---|
| python-urllib3 | Not affected |
| python-pip | Not affected |
[Unknown description]
1 affected package
tlp
| Package | 16.04 LTS |
|---|---|
| tlp | Needs evaluation |
[broken TLS options for threaded LDAPS]
1 affected package
curl
| Package | 16.04 LTS |
|---|---|
| curl | Needs evaluation |
Stack-based buffer overflow in libtasn1 version v4.20.0. The function fails to validate the size of input data, resulting in a buffer overflow in asn1_expend_octet_string.
1 affected package
libtasn1-6
| Package | 16.04 LTS |
|---|---|
| libtasn1-6 | Needs evaluation |
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests...
1 affected package
undertow
| Package | 16.04 LTS |
|---|---|
| undertow | Needs evaluation |