Search CVE reports
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 16.04 LTS |
|---|---|
| webkitgtk | Ignored |
| webkit2gtk | Ignored |
| qtwebkit-source | Ignored |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | — |
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This...
1 affected package
isc-kea
| Package | 16.04 LTS |
|---|---|
| isc-kea | Needs evaluation |
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Not affected |
| bind9-libs | — |
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to...
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Vulnerable |
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Needs evaluation |
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Needs evaluation |
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Needs evaluation |