Search CVE reports
141 – 150 of 51633 results
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 16.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | — |
| freerdp3 | — |
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to...
2 affected packages
libxfont, libxfont2
| Package | 16.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Needs evaluation |
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server.
2 affected packages
libxfont, libxfont2
| Package | 16.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Needs evaluation |
A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
2 affected packages
libxfont, libxfont2
| Package | 16.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Needs evaluation |
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 16.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | — |
| xorg-server-hwe-16.04 | Needs evaluation |
| xorg-server-hwe-18.04 | — |
| xorg-hwe-16.04 | Not affected |
| xorg-hwe-18.04 | — |
Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 16.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | — |
| xorg-server-hwe-16.04 | Needs evaluation |
| xorg-server-hwe-18.04 | — |
| xorg-hwe-16.04 | Not affected |
| xorg-hwe-18.04 | — |
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
2 affected packages
openssh, openssh-ssh1
| Package | 16.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | — |
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
2 affected packages
openssh, openssh-ssh1
| Package | 16.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | — |
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
2 affected packages
openssh, openssh-ssh1
| Package | 16.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | — |
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
2 affected packages
openssh, openssh-ssh1
| Package | 16.04 LTS |
|---|---|
| openssh | Needs evaluation |
| openssh-ssh1 | — |