Category Archives: Advisories

USN-7400-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11235)

It was discovered that PHP incorrectly handled certain folded headers.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-1217)

It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS,
Ubuntu 24.10, and Ubuntu 24.04 LTS. (CVE-2025-1219)

It was discovered that PHP incorrectly handled certain headers with an
invalid name and no colon. An attacker could possibly use this issue to
confuse applications into accepting invalid headers, causing code injection.
(CVE-2025-1734)

It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.10, and Ubuntu 24.04
LTS. (CVE-2025-1736)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive
information. (CVE-2025-1861)

USN-7398-1: libtar vulnerabilities

It was discovered that libtar may perform out-of-bounds reads when
processing specially crafted tar files. An attacker could possibly use
this issue to cause libtar to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2021-33643, CVE-2021-33644)

It was discovered that libtar contained a memory leak due to failing
to free a variable, causing performance degradation. An attacker
could possibly use this issue to cause libtar to crash, resulting in a
denial of service. (CVE-2021-33645, CVE-2021-33646)

USN-7397-1: AOM vulnerability

Xiantong Hou discovered that AOM did not properly handle certain malformed
media files. If an application using AOM opened a specially crafted file, a
remote attacker could cause a denial of service, or possibly execute
arbitrary code.

USN-7396-1: OVN vulnerability

Marius Berntsberg, Trygve Vea, Tore Anderson, Rodolfo Alonso, Jay Faulkner,
and Brian Haley discovered that OVN incorrectly handled certain crafted UDP
packets. A remote attacker could possibly use this issue to bypass egress
ACL rules.

USN-7395-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

USN-7376-2: MariaDB vulnerability

USN-7376-1 fixed vulnerabilities in MariaDB. This update provides the
corresponding updates for Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.

Original advisory details:

A security issue was discovered in MariaDB and this update includes
a new upstream MariaDB version to fix the issue.

In addition to security fixes, the updated packages contain bug and
regression fixes, new features, and possibly incompatible changes.

USN-7394-1: Doorkeeper vulnerabilities

Jonathan Clem and Justin Bull discovered that Doorkeeper could allow
arbitrary token revocation and replay attacks. An attacker could possibly
use this issue to gain unauthorized access to a system. (CVE-2016-6582)

It was discovered that Doorkeeper incorrectly handled storing client names.
An attacker could possibly use this issue to execute a cross-site
scripting (XSS) attack. (CVE-2018-1000088)

perl-Data-Entropy-0.008-1.fc42

FEDORA-2025-76dbde76fe

Packages in this update:

perl-Data-Entropy-0.008-1.fc42

Update description:

Prior to version 0.008, the Perl module Data::Entropy relied on Perl’s builtin rand function to choose an entropy source. Version 0.008 does away with this need.

perl-Data-Entropy-0.008-1.fc40

FEDORA-2025-52d7857536

Packages in this update:

perl-Data-Entropy-0.008-1.fc40

Update description:

Prior to version 0.008, the Perl module Data::Entropy relied on Perl’s builtin rand function to choose an entropy source. Version 0.008 does away with this need.
