Search CVE reports
181 – 190 of 39382 results
ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow,...
1 affected package
imagemagick
| Package | 24.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single...
1 affected package
imagemagick
| Package | 24.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection()...
1 affected package
c3p0
| Package | 24.04 LTS |
|---|---|
| c3p0 | Needs evaluation |
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io)...
8 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS |
|---|---|
| ruby2.3 | Not in release |
| ruby2.5 | Not in release |
| ruby2.7 | Not in release |
| ruby3.0 | Not in release |
| ruby3.2 | Needs evaluation |
| ruby3.3 | Not in release |
| jruby | Needs evaluation |
| ruby-json | Needs evaluation |
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page....
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security...
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...
1 affected package
chromium-browser
| Package | 24.04 LTS |
|---|---|
| chromium-browser | Not affected |