Search CVE reports
121 – 130 of 29881 results
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that...
1 affected package
python-werkzeug
| Package | 24.04 LTS |
|---|---|
| python-werkzeug | Needs evaluation |
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to...
1 affected package
fonttools
| Package | 24.04 LTS |
|---|---|
| fonttools | Needs evaluation |
Not in release
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method...
1 affected package
keras
| Package | 24.04 LTS |
|---|---|
| keras | Not in release |
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 24.04 LTS |
|---|---|
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Needs evaluation |
| vnc4 | Not in release |
| wbxml2 | Needs evaluation |
| swish-e | Needs evaluation |
| insighttoolkit4 | Not in release |
| cadaver | Needs evaluation |
| gdcm | Not affected |
| ayttm | Not in release |
| cableswig | Not in release |
| coin3 | Not affected |
| matanza | Ignored |
| tdom | Needs evaluation |
| vtk | Not in release |
| smart | Not in release |
| firefox | Not affected |
| thunderbird | Not affected |
| libxmltok | Needs evaluation |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line....
1 affected package
cups
| Package | 24.04 LTS |
|---|---|
| cups | Fixed |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as...
1 affected package
cups
| Package | 24.04 LTS |
|---|---|
| cups | Fixed |
security update
2 affected packages
kdeconnect, gnome-shell-extension-gsconnect
| Package | 24.04 LTS |
|---|---|
| kdeconnect | Not affected |
| gnome-shell-extension-gsconnect | Not affected |
Not in release
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error...
1 affected package
spotipy
| Package | 24.04 LTS |
|---|---|
| spotipy | Not in release |
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage...
1 affected package
angular.js
| Package | 24.04 LTS |
|---|---|
| angular.js | Needs evaluation |
Not in release
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to...
1 affected package
node-node-forge
| Package | 24.04 LTS |
|---|---|
| node-node-forge | Not in release |