Search CVE reports
611 – 620 of 38252 results
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their...
1 affected package
deepdiff
| Package | 20.04 LTS |
|---|---|
| deepdiff | Needs evaluation |
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary...
1 affected package
node-socket.io-parser
| Package | 20.04 LTS |
|---|---|
| node-socket.io-parser | Needs evaluation |
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem...
2 affected packages
fuse, fuse3
| Package | 20.04 LTS |
|---|---|
| fuse | Not affected |
| fuse3 | Not affected |
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in...
1 affected package
gpac
| Package | 20.04 LTS |
|---|---|
| gpac | Needs evaluation |
AWStats 8.0 is vulnerable to Command Injection via the open function
1 affected package
awstats
| Package | 20.04 LTS |
|---|---|
| awstats | Needs evaluation |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Needs evaluation |
| eglibc | — |
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server,...
2 affected packages
glibc, eglibc
| Package | 20.04 LTS |
|---|---|
| glibc | Needs evaluation |
| eglibc | — |
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might...
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 20.04 LTS |
|---|---|
| mariadb | — |
| mariadb-10.0 | — |
| mariadb-10.1 | — |
| mariadb-10.3 | Needs evaluation |
| mariadb-10.6 | — |
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing...
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 20.04 LTS |
|---|---|
| jython | Needs evaluation |
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | — |
| python3.5 | — |
| python3.6 | — |
| python3.7 | — |
| python3.8 | Needs evaluation |
| python3.9 | Needs evaluation |
| python3.10 | — |
| python3.11 | — |
| python3.12 | — |
| python3.13 | — |
| python3.14 | — |
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the...
1 affected package
pydicom
| Package | 20.04 LTS |
|---|---|
| pydicom | Needs evaluation |