Search CVE reports
41 – 50 of 51519 results
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of...
1 affected package
libdbi-perl
| Package | 16.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million...
1 affected package
libdbi-perl
| Package | 16.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the...
1 affected package
libdbi-perl
| Package | 16.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted...
1 affected package
wget
| Package | 16.04 LTS |
|---|---|
| wget | Needs evaluation |
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied...
1 affected package
wget
| Package | 16.04 LTS |
|---|---|
| wget | Needs evaluation |
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to...
1 affected package
wget
| Package | 16.04 LTS |
|---|---|
| wget | Needs evaluation |
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving...
1 affected package
wget
| Package | 16.04 LTS |
|---|---|
| wget | Needs evaluation |
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb`...
2 affected packages
libhttp-tiny-perl, perl
| Package | 16.04 LTS |
|---|---|
| libhttp-tiny-perl | — |
| perl | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Needs evaluation |
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause...
1 affected package
python-django
| Package | 16.04 LTS |
|---|---|
| python-django | Needs evaluation |