Search CVE reports
141 – 150 of 36661 results
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Needs evaluation |
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Needs evaluation |
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Needs evaluation |
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Needs evaluation |
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using...
2 affected packages
pypdf, pypdf2
| Package | 22.04 LTS |
|---|---|
| pypdf | Not in release |
| pypdf2 | Needs evaluation |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both...
1 affected package
calibre
| Package | 22.04 LTS |
|---|---|
| calibre | Needs evaluation |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated...
1 affected package
calibre
| Package | 22.04 LTS |
|---|---|
| calibre | Needs evaluation |
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive...
2 affected packages
rebar3, erlang-hex
| Package | 22.04 LTS |
|---|---|
| rebar3 | Needs evaluation |
| erlang-hex | Not in release |
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 22.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Vulnerable |
| ruby3.2 | Not in release |
| ruby3.3 | Not in release |
| jruby | Not in release |
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack...
1 affected package
pluxml
| Package | 22.04 LTS |
|---|---|
| pluxml | Needs evaluation |