Search CVE reports
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents...
1 affected package
libjavascript-minifier-xs-perl
| Package | 20.04 LTS |
|---|---|
| libjavascript-minifier-xs-perl | Needs evaluation |
JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString (XS.xs) inspects...
1 affected package
libjavascript-minifier-xs-perl
| Package | 20.04 LTS |
|---|---|
| libjavascript-minifier-xs-perl | Needs evaluation |
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as...
1 affected package
libcss-minifier-xs-perl
| Package | 20.04 LTS |
|---|---|
| libcss-minifier-xs-perl | Needs evaluation |
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when...
1 affected package
p11-kit
| Package | 20.04 LTS |
|---|---|
| p11-kit | Vulnerable |
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 20.04 LTS |
|---|---|
| tiff | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Needs evaluation |
| gdal | Not affected |
| neuron | Needs evaluation |
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes...
4 affected packages
llvm-toolchain-18, llvm-toolchain-19, llvm-toolchain-21, llvm-toolchain-22
| Package | 20.04 LTS |
|---|---|
| llvm-toolchain-18 | Needs evaluation |
| llvm-toolchain-19 | — |
| llvm-toolchain-21 | — |
| llvm-toolchain-22 | — |
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in...
4 affected packages
llvm-toolchain-18, llvm-toolchain-19, llvm-toolchain-21, llvm-toolchain-22
| Package | 20.04 LTS |
|---|---|
| llvm-toolchain-18 | Needs evaluation |
| llvm-toolchain-19 | — |
| llvm-toolchain-21 | — |
| llvm-toolchain-22 | — |
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory...
1 affected package
attr
| Package | 20.04 LTS |
|---|---|
| attr | Needs evaluation |
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat()...
1 affected package
acl
| Package | 20.04 LTS |
|---|---|
| acl | Needs evaluation |
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate...
1 affected package
acl
| Package | 20.04 LTS |
|---|---|
| acl | Needs evaluation |