Search CVE reports
201 – 210 of 30612 results
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the...
1 affected package
libdbi-perl
| Package | 26.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
Not in release
Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently...
1 affected package
anki
| Package | 26.04 LTS |
|---|---|
| anki | Not in release |
Not in release
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can...
1 affected package
anki
| Package | 26.04 LTS |
|---|---|
| anki | Not in release |
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted...
1 affected package
wget
| Package | 26.04 LTS |
|---|---|
| wget | Vulnerable |
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied...
1 affected package
wget
| Package | 26.04 LTS |
|---|---|
| wget | Vulnerable |
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to...
1 affected package
wget
| Package | 26.04 LTS |
|---|---|
| wget | Vulnerable |
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving...
1 affected package
wget
| Package | 26.04 LTS |
|---|---|
| wget | Vulnerable |
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column...
1 affected package
calibre
| Package | 26.04 LTS |
|---|---|
| calibre | Needs evaluation |
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb`...
2 affected packages
libhttp-tiny-perl, perl
| Package | 26.04 LTS |
|---|---|
| libhttp-tiny-perl | Needs evaluation |
| perl | Needs evaluation |
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect...
1 affected package
389-ds-base
| Package | 26.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |