Search CVE reports
201 – 210 of 42899 results
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.
1 affected package
jq
| Package | 22.04 LTS |
|---|---|
| jq | Needs evaluation |
jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jv_load_file(raw=1)...
1 affected package
jq
| Package | 22.04 LTS |
|---|---|
| jq | Needs evaluation |
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack...
1 affected package
jq
| Package | 22.04 LTS |
|---|---|
| jq | Needs evaluation |
X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply...
1 affected package
socat
| Package | 22.04 LTS |
|---|---|
| socat | Needs evaluation |
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Vulnerable |
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Vulnerable |
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or...
1 affected package
vim
| Package | 22.04 LTS |
|---|---|
| vim | Not affected |