Search CVE reports
1491 – 1500 of 39983 results

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n...

1 affected package: vips

| Package | 20.04 LTS |
|---|---|
| vips | Needs evaluation |

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with...

1 affected package: dnsmasq

| Package | 20.04 LTS |
|---|---|
| dnsmasq | Needs evaluation |

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

1 affected package: opam

| Package | 20.04 LTS |
|---|---|
| opam | Fixed |

pypdf is a free and open-source pure-Python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large...

2 affected packages: pypdf, pypdf2

| Package | 20.04 LTS |
|---|---|
| pypdf | — |
| pypdf2 | Needs evaluation |

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS...

2 affected packages: pillow, pillow-python2

| Package | 20.04 LTS |
|---|---|
| pillow | Not affected |
| pillow-python2 | Not affected |

openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and...

1 affected package: opencryptoki

| Package | 20.04 LTS |
|---|---|
| opencryptoki | Needs evaluation |

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss...

1 affected package: amd64-microcode

| Package | 20.04 LTS |
|---|---|
| amd64-microcode | Needs evaluation |

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function...

7 affected packages: ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...

| Package | 20.04 LTS |
|---|---|
| ruby2.3 | — |
| ruby2.5 | — |
| ruby2.7 | Needs evaluation |
| ruby3.0 | — |
| ruby3.2 | — |
| ruby3.3 | — |
| jruby | Needs evaluation |

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

23 affected packages: expat, apache2, apr-util, cmake, ghostscript...

| Package | 20.04 LTS |
|---|---|
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | — |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Needs evaluation |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | — |
| cableswig | — |
| coin3 | Not affected |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | — |
| smart | — |
| firefox | — |
| thunderbird | — |
| libxmltok | Needs evaluation |

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to...

1 affected package: protobuf

| Package | 20.04 LTS |
|---|---|
| protobuf | Vulnerable |