Search CVE reports
31 – 40 of 51629 results
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_index_walk_down() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The...
1 affected package
ntfs-3g
| Package | 16.04 LTS |
|---|---|
| ntfs-3g | Needs evaluation |
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ib_copy_tail(), in libntfs-3g/index.c, that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The...
1 affected package
ntfs-3g
| Package | 16.04 LTS |
|---|---|
| ntfs-3g | Needs evaluation |
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_decompress() in compress.c that allows an attacker to corrupt one byte of heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The...
1 affected package
ntfs-3g
| Package | 16.04 LTS |
|---|---|
| ntfs-3g | Needs evaluation |
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ir_to_ib() in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered...
1 affected package
ntfs-3g
| Package | 16.04 LTS |
|---|---|
| ntfs-3g | Needs evaluation |
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in cat() in cat.c that allows an attacker to corrupt heap memory in the ntfscat binary by crafting a malicious NTFS image. The overflow is triggered by reading a file.
1 affected package
ntfs-3g
| Package | 16.04 LTS |
|---|---|
| ntfs-3g | Needs evaluation |
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks,...
1 affected package
python-tornado
| Package | 16.04 LTS |
|---|---|
| python-tornado | Needs evaluation |
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocket_mask without validating that the mask argument is exactly four bytes,...
1 affected package
python-tornado
| Package | 16.04 LTS |
|---|---|
| python-tornado | Needs evaluation |
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, auth_username, auth_password,...
1 affected package
python-tornado
| Package | 16.04 LTS |
|---|---|
| python-tornado | Needs evaluation |
Not in release
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 16.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
| dotnet10 | Not in release |
Not in release
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 16.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not in release |
| dotnet9 | Not in release |
| dotnet10 | Not in release |