Search CVE reports
101 – 110 of 39943 results
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been...
2 affected packages
pillow, pillow-python2
| Package | 20.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 20.04 LTS |
|---|---|
| ruby2.3 | — |
| ruby2.5 | — |
| ruby2.7 | Needs evaluation |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Needs evaluation |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 20.04 LTS |
|---|---|
| golang | — |
| golang-1.6 | — |
| golang-1.8 | — |
| golang-1.9 | — |
| golang-1.10 | — |
| golang-1.13 | Needs evaluation |
| golang-1.14 | Needs evaluation |
| golang-1.16 | Needs evaluation |
| golang-1.17 | — |
| golang-1.18 | Needs evaluation |
| golang-1.20 | Needs evaluation |
| golang-1.21 | Needs evaluation |
| golang-1.22 | Needs evaluation |
| golang-1.23 | — |
| golang-1.24 | — |
| golang-1.25 | — |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 20.04 LTS |
|---|---|
| golang-golang-x-net | — |
| google-guest-agent | Needs evaluation |
| containerd | Needs evaluation |
| golang-golang-x-net-dev | Needs evaluation |
| adsys | Needs evaluation |
| juju-core | — |
| lxd | Needs evaluation |
(Spring MVC and WebFlux applications are vulnerable to cache poisoning ...)
1 affected package
libspring-java
| Package | 20.04 LTS |
|---|---|
| libspring-java | Needs evaluation |
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically...
157 affected packages
linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...
| Package | 20.04 LTS |
|---|---|
| linux | Needs evaluation |
| linux-hwe | — |
| linux-hwe-5.4 | — |
| linux-hwe-5.8 | Ignored |
| linux-hwe-5.11 | Ignored |
| linux-hwe-5.13 | Ignored |
| linux-hwe-5.15 | Needs evaluation |
| linux-hwe-5.19 | — |
| linux-hwe-6.2 | — |
| linux-hwe-6.5 | — |
| linux-hwe-6.8 | — |
| linux-hwe-6.11 | — |
| linux-hwe-6.14 | — |
| linux-hwe-6.17 | — |
| linux-hwe-edge | — |
| linux-lts-xenial | — |
| linux-kvm | Needs evaluation |
| linux-allwinner-5.19 | — |
| linux-aws | Needs evaluation |
| linux-aws-5.0 | — |
| linux-aws-5.3 | — |
| linux-aws-5.4 | — |
| linux-aws-5.8 | Ignored |
| linux-aws-5.11 | Ignored |
| linux-aws-5.13 | Ignored |
| linux-aws-5.15 | Needs evaluation |
| linux-aws-5.19 | — |
| linux-aws-6.2 | — |
| linux-aws-6.5 | — |
| linux-aws-6.8 | — |
| linux-aws-6.14 | — |
| linux-aws-6.17 | — |
| linux-aws-hwe | — |
| linux-azure | Needs evaluation |
| linux-azure-4.15 | — |
| linux-azure-5.3 | — |
| linux-azure-5.4 | — |
| linux-azure-5.8 | Ignored |
| linux-azure-5.11 | Ignored |
| linux-azure-5.13 | Ignored |
| linux-azure-5.15 | Needs evaluation |
| linux-azure-5.19 | — |
| linux-azure-6.2 | — |
| linux-azure-6.5 | — |
| linux-azure-6.8 | — |
| linux-azure-6.11 | — |
| linux-azure-6.14 | — |
| linux-azure-6.17 | — |
| linux-azure-fde | Ignored |
| linux-azure-fde-5.15 | Needs evaluation |
| linux-azure-fde-5.19 | — |
| linux-azure-fde-6.2 | — |
| linux-azure-fde-6.8 | — |
| linux-azure-fde-6.14 | — |
| linux-azure-fde-6.17 | — |
| linux-azure-nvidia | — |
| linux-azure-nvidia-6.14 | — |
| linux-bluefield | Needs evaluation |
| linux-azure-edge | — |
| linux-fips | Needs evaluation |
| linux-aws-fips | Needs evaluation |
| linux-azure-fips | Needs evaluation |
| linux-gcp-fips | Needs evaluation |
| linux-gcp | Needs evaluation |
| linux-gcp-4.15 | — |
| linux-gcp-5.3 | — |
| linux-gcp-5.4 | — |
| linux-gcp-5.8 | Ignored |
| linux-gcp-5.11 | Ignored |
| linux-gcp-5.13 | Ignored |
| linux-gcp-5.15 | Needs evaluation |
| linux-gcp-5.19 | — |
| linux-gcp-6.2 | — |
| linux-gcp-6.5 | — |
| linux-gcp-6.8 | — |
| linux-gcp-6.11 | — |
| linux-gcp-6.14 | — |
| linux-gcp-6.17 | — |
| linux-gke | Ignored |
| linux-gke-4.15 | — |
| linux-gke-5.4 | — |
| linux-gke-5.15 | Ignored |
| linux-gkeop | Ignored |
| linux-gkeop-5.4 | — |
| linux-gkeop-5.15 | Ignored |
| linux-ibm | Needs evaluation |
| linux-ibm-5.4 | — |
| linux-ibm-5.15 | Needs evaluation |
| linux-ibm-6.8 | — |
| linux-intel-5.13 | Ignored |
| linux-intel-iotg | — |
| linux-intel-iotg-5.15 | Needs evaluation |
| linux-iot | Needs evaluation |
| linux-intel-iot-realtime | — |
| linux-lowlatency | — |
| linux-lowlatency-hwe-5.15 | Needs evaluation |
| linux-lowlatency-hwe-5.19 | — |
| linux-lowlatency-hwe-6.2 | — |
| linux-lowlatency-hwe-6.5 | — |
| linux-lowlatency-hwe-6.8 | — |
| linux-lowlatency-hwe-6.11 | — |
| linux-nvidia | — |
| linux-nvidia-6.2 | — |
| linux-nvidia-6.5 | — |
| linux-nvidia-6.8 | — |
| linux-nvidia-6.11 | — |
| linux-nvidia-lowlatency | — |
| linux-nvidia-tegra | — |
| linux-nvidia-tegra-5.15 | Needs evaluation |
| linux-nvidia-tegra-igx | — |
| linux-oracle | Needs evaluation |
| linux-oracle-5.0 | — |
| linux-oracle-5.3 | — |
| linux-oracle-5.4 | — |
| linux-oracle-5.8 | Ignored |
| linux-oracle-5.11 | Ignored |
| linux-oracle-5.13 | Ignored |
| linux-oracle-5.15 | Needs evaluation |
| linux-oracle-6.5 | — |
| linux-oracle-6.8 | — |
| linux-oracle-6.14 | — |
| linux-oracle-6.17 | — |
| linux-oem | — |
| linux-oem-5.6 | Ignored |
| linux-oem-5.10 | Ignored |
| linux-oem-5.13 | Ignored |
| linux-oem-5.14 | Ignored |
| linux-oem-5.17 | — |
| linux-oem-6.0 | — |
| linux-oem-6.1 | — |
| linux-oem-6.5 | — |
| linux-oem-6.8 | — |
| linux-oem-6.11 | — |
| linux-oem-6.14 | — |
| linux-oem-6.17 | — |
| linux-raspi | Needs evaluation |
| linux-raspi2 | Ignored |
| linux-raspi-5.4 | — |
| linux-raspi-realtime | — |
| linux-realtime | — |
| linux-realtime-6.8 | — |
| linux-realtime-6.14 | — |
| linux-riscv | Ignored |
| linux-riscv-5.8 | Ignored |
| linux-riscv-5.11 | Ignored |
| linux-riscv-5.15 | Needs evaluation |
| linux-riscv-5.19 | — |
| linux-riscv-6.5 | — |
| linux-riscv-6.8 | — |
| linux-riscv-6.14 | — |
| linux-riscv-6.17 | — |
| linux-starfive-5.19 | — |
| linux-starfive-6.2 | — |
| linux-starfive-6.5 | — |
| linux-xilinx | — |
| linux-xilinx-zynqmp | Needs evaluation |
| linux-realtime-6.17 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 20.04 LTS |
|---|---|
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | — |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | — |
| cableswig | — |
| coin3 | Not affected |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | — |
| smart | — |
| firefox | — |
| thunderbird | — |
| libxmltok | Needs evaluation |