Search CVE reports
641 – 650 of 37556 results
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in...
2 affected packages
golang-google-grpc, google-guest-agent
| Package | 22.04 LTS |
|---|---|
| golang-google-grpc | Needs evaluation |
| google-guest-agent | Needs evaluation |
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause...
2 affected packages
fuse, fuse3
| Package | 22.04 LTS |
|---|---|
| fuse | Not affected |
| fuse3 | Not affected |
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize...
1 affected package
libde265
| Package | 22.04 LTS |
|---|---|
| libde265 | Needs evaluation |
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in...
1 affected package
libde265
| Package | 22.04 LTS |
|---|---|
| libde265 | Needs evaluation |
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their...
1 affected package
deepdiff
| Package | 22.04 LTS |
|---|---|
| deepdiff | Needs evaluation |
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is...
1 affected package
python-dynaconf
| Package | 22.04 LTS |
|---|---|
| python-dynaconf | Needs evaluation |
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary...
1 affected package
node-socket.io-parser
| Package | 22.04 LTS |
|---|---|
| node-socket.io-parser | Needs evaluation |
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem...
2 affected packages
fuse, fuse3
| Package | 22.04 LTS |
|---|---|
| fuse | Not affected |
| fuse3 | Not affected |
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in...
1 affected package
gpac
| Package | 22.04 LTS |
|---|---|
| gpac | Needs evaluation |
AWStats 8.0 is vulnerable to Command Injection via the open function
1 affected package
awstats
| Package | 22.04 LTS |
|---|---|
| awstats | Needs evaluation |