Search CVE reports
971 – 980 of 37641 results
Not in release
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple...
1 affected package
node-undici
| Package | 22.04 LTS |
|---|---|
| node-undici | Not in release |
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
2 affected packages
sqlite, sqlite3
| Package | 22.04 LTS |
|---|---|
| sqlite | Not affected |
| sqlite3 | Not affected |
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential...
1 affected package
node-flatted
| Package | 22.04 LTS |
|---|---|
| node-flatted | Needs evaluation |
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting...
1 affected package
magic-wormhole
| Package | 22.04 LTS |
|---|---|
| magic-wormhole | Needs evaluation |
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 22.04 LTS |
|---|---|
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |
Some fixes available 1 of 2
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The...
2 affected packages
openssh, openssh-ssh1
| Package | 22.04 LTS |
|---|---|
| openssh | Fixed |
| openssh-ssh1 | Ignored |
Not in release
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can...
1 affected package
multipart
| Package | 22.04 LTS |
|---|---|
| multipart | Not in release |
Not in release
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread()...
1 affected package
llama.cpp
| Package | 22.04 LTS |
|---|---|
| llama.cpp | Not in release |
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This...
2 affected packages
libsoup2.4, libsoup3
| Package | 22.04 LTS |
|---|---|
| libsoup2.4 | Vulnerable |
| libsoup3 | Vulnerable |
A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds...
1 affected package
gpac
| Package | 22.04 LTS |
|---|---|
| gpac | Needs evaluation |