Search CVE reports
71 – 80 of 39437 results
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.
1 affected package
ruby-webrick
| Package | 24.04 LTS |
|---|---|
| ruby-webrick | Needs evaluation |
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result,...
1 affected package
ntopng
| Package | 24.04 LTS |
|---|---|
| ntopng | Needs evaluation |
Not in release
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an...
1 affected package
open62541
| Package | 24.04 LTS |
|---|---|
| open62541 | Not in release |
A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur...
1 affected package
hplip
| Package | 24.04 LTS |
|---|---|
| hplip | Needs evaluation |
[PHP: ext/openssl: Memory corruption (zend_mm_heap corrupted) in openssl_encrypt with AES-WRAP-PAD]
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS |
|---|---|
| php5 | Not in release |
| php7.0 | Not in release |
| php7.2 | Not in release |
| php7.4 | Not in release |
| php8.1 | Not in release |
| php8.3 | Needs evaluation |
| php8.4 | Not in release |
| php8.5 | Not in release |
Multiple unbounded alloca() calls in the PulseAudio protocol server.
2 affected packages
pipewire, pulseaudio
| Package | 24.04 LTS |
|---|---|
| pipewire | Needs evaluation |
| pulseaudio | Not affected |
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
1 affected package
openvpn
| Package | 24.04 LTS |
|---|---|
| openvpn | Needs evaluation |
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled
1 affected package
openvpn
| Package | 24.04 LTS |
|---|---|
| openvpn | Needs evaluation |
tls_wrap_reneg use after free
1 affected package
openvpn
| Package | 24.04 LTS |
|---|---|
| openvpn | Needs evaluation |
ack_write_buf use after free
1 affected package
openvpn
| Package | 24.04 LTS |
|---|---|
| openvpn | Needs evaluation |