Search CVE reports
41 – 50 of 42301 results
ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow,...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single...
1 affected package
imagemagick
| Package | 20.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection()...
1 affected package
c3p0
| Package | 20.04 LTS |
|---|---|
| c3p0 | Needs evaluation |
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io)...
8 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 20.04 LTS |
|---|---|
| ruby2.3 | — |
| ruby2.5 | — |
| ruby2.7 | Needs evaluation |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Needs evaluation |
| ruby-json | Needs evaluation |
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. (Chromium security severity: Medium)
3 affected packages
chromium-browser, ffmpeg, libav
| Package | 20.04 LTS |
|---|---|
| chromium-browser | — |
| ffmpeg | Needs evaluation |
| libav | — |
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is...
3 affected packages
python-msgpack, python-pip, python-srsly
| Package | 20.04 LTS |
|---|---|
| python-msgpack | Needs evaluation |
| python-pip | Needs evaluation |
| python-srsly | — |
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which...
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
1 affected package
dcmtk
| Package | 20.04 LTS |
|---|---|
| dcmtk | Needs evaluation |