Search CVE reports
2851 – 2860 of 50764 results
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| bind9-libs | — |
| isc-dhcp | Not affected |
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| bind9-libs | — |
| isc-dhcp | Not affected |
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| bind9-libs | — |
| isc-dhcp | Not affected |
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 16.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| bind9-libs | — |
| isc-dhcp | Not affected |
Vim is an open source, command-line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to...
1 affected package
vim
| Package | 16.04 LTS |
|---|---|
| vim | Fixed |
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Ignored |
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Ignored |
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Ignored |
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator...
1 affected package
zabbix
| Package | 16.04 LTS |
|---|---|
| zabbix | Ignored |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of...
6 affected packages
italc, libvncserver, tightvnc, veyon, vino, x11vnc
| Package | 16.04 LTS |
|---|---|
| italc | Ignored |
| libvncserver | Needs evaluation |
| tightvnc | Ignored |
| veyon | — |
| vino | Needs evaluation |
| x11vnc | Ignored |