Search CVE reports
2281 – 2290 of 37984 results
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a...
1 affected package
thunderbird
| Package | 22.04 LTS |
|---|---|
| thunderbird | Fixed |
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 22.04 LTS |
|---|---|
| golang | Not in release |
| golang-1.6 | Not in release |
| golang-1.8 | Not in release |
| golang-1.9 | Not in release |
| golang-1.10 | Not in release |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Not in release |
| golang-1.16 | Not in release |
| golang-1.17 | Needs evaluation |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | Needs evaluation |
| golang-1.24 | Needs evaluation |
| golang-1.25 | Not in release |
Some fixes available 8 of 31
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution,...
47 affected packages
nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352...
| Package | 22.04 LTS |
|---|---|
| nvidia-graphics-drivers-304 | Not in release |
| nvidia-graphics-drivers-304-updates | Not in release |
| nvidia-graphics-drivers-340 | Not affected |
| nvidia-graphics-drivers-340-updates | Not in release |
| nvidia-graphics-drivers-352 | Not in release |
| nvidia-graphics-drivers-352-updates | Not in release |
| nvidia-graphics-drivers-361 | Not in release |
| nvidia-graphics-drivers-367 | Not in release |
| nvidia-graphics-drivers-375 | Not in release |
| nvidia-graphics-drivers-384 | Not in release |
| nvidia-graphics-drivers-390 | Ignored |
| nvidia-graphics-drivers-418-server | Ignored |
| nvidia-graphics-drivers-430 | Ignored |
| nvidia-graphics-drivers-435 | Ignored |
| nvidia-graphics-drivers-440 | Ignored |
| nvidia-graphics-drivers-440-server | Ignored |
| nvidia-graphics-drivers-450 | Ignored |
| nvidia-graphics-drivers-450-server | Ignored |
| nvidia-graphics-drivers-455 | Ignored |
| nvidia-graphics-drivers-460 | Ignored |
| nvidia-graphics-drivers-460-server | Not in release |
| nvidia-graphics-drivers-470 | Ignored |
| nvidia-graphics-drivers-470-server | Ignored |
| nvidia-graphics-drivers-495 | Not in release |
| nvidia-graphics-drivers-510 | Ignored |
| nvidia-graphics-drivers-510-server | Not affected |
| nvidia-graphics-drivers-515 | Ignored |
| nvidia-graphics-drivers-515-server | Ignored |
| nvidia-graphics-drivers-520 | Ignored |
| nvidia-graphics-drivers-525 | Not affected |
| nvidia-graphics-drivers-525-server | Not affected |
| nvidia-graphics-drivers-530 | Ignored |
| nvidia-graphics-drivers-535 | Fixed |
| nvidia-graphics-drivers-535-server | Fixed |
| nvidia-graphics-drivers-545 | Ignored |
| nvidia-graphics-drivers-550 | Ignored |
| nvidia-graphics-drivers-550-server | Ignored |
| nvidia-graphics-drivers-560 | Not in release |
| nvidia-graphics-drivers-565-server | Ignored |
| nvidia-graphics-drivers-570 | Fixed |
| nvidia-graphics-drivers-570-server | Fixed |
| nvidia-graphics-drivers-575 | Ignored |
| nvidia-graphics-drivers-575-server | Ignored |
| nvidia-graphics-drivers-580 | Fixed |
| nvidia-graphics-drivers-580-server | Fixed |
| nvidia-graphics-drivers-590 | Fixed |
| nvidia-graphics-drivers-590-server | Fixed |
Some fixes available 8 of 31
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution,...
47 affected packages
nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352...
| Package | 22.04 LTS |
|---|---|
| nvidia-graphics-drivers-304 | Not in release |
| nvidia-graphics-drivers-304-updates | Not in release |
| nvidia-graphics-drivers-340 | Not affected |
| nvidia-graphics-drivers-340-updates | Not in release |
| nvidia-graphics-drivers-352 | Not in release |
| nvidia-graphics-drivers-352-updates | Not in release |
| nvidia-graphics-drivers-361 | Not in release |
| nvidia-graphics-drivers-367 | Not in release |
| nvidia-graphics-drivers-375 | Not in release |
| nvidia-graphics-drivers-384 | Not in release |
| nvidia-graphics-drivers-390 | Ignored |
| nvidia-graphics-drivers-418-server | Ignored |
| nvidia-graphics-drivers-430 | Ignored |
| nvidia-graphics-drivers-435 | Ignored |
| nvidia-graphics-drivers-440 | Ignored |
| nvidia-graphics-drivers-440-server | Ignored |
| nvidia-graphics-drivers-450 | Ignored |
| nvidia-graphics-drivers-450-server | Ignored |
| nvidia-graphics-drivers-455 | Ignored |
| nvidia-graphics-drivers-460 | Ignored |
| nvidia-graphics-drivers-460-server | Not in release |
| nvidia-graphics-drivers-470 | Ignored |
| nvidia-graphics-drivers-470-server | Ignored |
| nvidia-graphics-drivers-495 | Not in release |
| nvidia-graphics-drivers-510 | Ignored |
| nvidia-graphics-drivers-510-server | Not affected |
| nvidia-graphics-drivers-515 | Ignored |
| nvidia-graphics-drivers-515-server | Ignored |
| nvidia-graphics-drivers-520 | Ignored |
| nvidia-graphics-drivers-525 | Not affected |
| nvidia-graphics-drivers-525-server | Not affected |
| nvidia-graphics-drivers-530 | Ignored |
| nvidia-graphics-drivers-535 | Fixed |
| nvidia-graphics-drivers-535-server | Fixed |
| nvidia-graphics-drivers-545 | Ignored |
| nvidia-graphics-drivers-550 | Ignored |
| nvidia-graphics-drivers-550-server | Ignored |
| nvidia-graphics-drivers-560 | Not in release |
| nvidia-graphics-drivers-565-server | Ignored |
| nvidia-graphics-drivers-570 | Fixed |
| nvidia-graphics-drivers-570-server | Fixed |
| nvidia-graphics-drivers-575 | Ignored |
| nvidia-graphics-drivers-575-server | Ignored |
| nvidia-graphics-drivers-580 | Fixed |
| nvidia-graphics-drivers-580-server | Fixed |
| nvidia-graphics-drivers-590 | Fixed |
| nvidia-graphics-drivers-590-server | Fixed |
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update...
1 affected package
monit
| Package | 22.04 LTS |
|---|---|
| monit | Needs evaluation |
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and...
1 affected package
monit
| Package | 22.04 LTS |
|---|---|
| monit | Needs evaluation |