Search CVE reports
421 – 430 of 38661 results
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 20.04 LTS |
|---|---|
| openssl | Not affected |
| openssl-fips | — |
| openssl1.0 | — |
| nodejs | Not affected |
| edk2 | Not affected |
SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against...
3 affected packages
libsdl2-image, libsdl3-image, sdl-image1.2
| Package | 20.04 LTS |
|---|---|
| libsdl2-image | Needs evaluation |
| libsdl3-image | — |
| sdl-image1.2 | Needs evaluation |
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the...
1 affected package
ocsinventory-server
| Package | 20.04 LTS |
|---|---|
| ocsinventory-server | Needs evaluation |
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger...
1 affected package
discount
| Package | 20.04 LTS |
|---|---|
| discount | Needs evaluation |
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis...
1 affected package
docker-registry
| Package | 20.04 LTS |
|---|---|
| docker-registry | Needs evaluation |
Rejected reason: CVE confirmed to be a false positive
2 affected packages
golang-github-coreos-bbolt, golang-github-boltdb-bolt
| Package | 20.04 LTS |
|---|---|
| golang-github-coreos-bbolt | Not affected |
| golang-github-boltdb-bolt | Not affected |
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix...
1 affected package
vim
| Package | 20.04 LTS |
|---|---|
| vim | Needs evaluation |
Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for...
1 affected package
hugo
| Package | 20.04 LTS |
|---|---|
| hugo | Needs evaluation |
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to...
3 affected packages
golang-github-go-jose-go-jose, golang-github-go-jose-go-jose.v3, golang-gopkg-square-go-jose.v2
| Package | 20.04 LTS |
|---|---|
| golang-github-go-jose-go-jose | — |
| golang-github-go-jose-go-jose.v3 | — |
| golang-gopkg-square-go-jose.v2 | Needs evaluation |
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction...
1 affected package
tar
| Package | 20.04 LTS |
|---|---|
| tar | Needs evaluation |