Search CVE reports
91 – 100 of 30357 results
Not in release
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while...
1 affected package
elasticsearch
| Package | 26.04 LTS |
|---|---|
| elasticsearch | Not in release |
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to...
1 affected package
async-http-client
| Package | 26.04 LTS |
|---|---|
| async-http-client | Needs evaluation |
In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation (com.mchange.v2.naming.JavaBeanObjectFactory)...
1 affected package
c3p0
| Package | 26.04 LTS |
|---|---|
| c3p0 | Needs evaluation |
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been...
2 affected packages
golang-github-pion-dtls-v3, golang-github-pion-dtls.v2
| Package | 26.04 LTS |
|---|---|
| golang-github-pion-dtls-v3 | Needs evaluation |
| golang-github-pion-dtls.v2 | Needs evaluation |