Search CVE reports
1 – 10 of 35200 results
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
1 affected package
c-ares
| Package | 20.04 LTS |
|---|---|
| c-ares | Not affected |
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or...
3 affected packages
libcoap, libcoap2, libcoap3
| Package | 20.04 LTS |
|---|---|
| libcoap | — |
| libcoap2 | Needs evaluation |
| libcoap3 | — |
[Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor]
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
[Internal logic flaw in cache management can lead to a denial of service in Recursor]
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via...
1 affected package
lz4-java
| Package | 20.04 LTS |
|---|---|
| lz4-java | Needs evaluation |
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible...
1 affected package
nextcloud-desktop
| Package | 20.04 LTS |
|---|---|
| nextcloud-desktop | Needs evaluation |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of...
2 affected packages
python-urllib3, python-pip
| Package | 20.04 LTS |
|---|---|
| python-urllib3 | Needs evaluation |
| python-pip | Needs evaluation |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited...
2 affected packages
python-urllib3, python-pip
| Package | 20.04 LTS |
|---|---|
| python-urllib3 | Needs evaluation |
| python-pip | Needs evaluation |
(This issue was addressed through improved state management. This issue ...)
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 20.04 LTS |
|---|---|
| webkitgtk | — |
| webkit2gtk | Ignored |
| qtwebkit-source | — |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Ignored |
(Multiple issues were addressed by disabling array allocation sinking. ...)
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
| Package | 20.04 LTS |
|---|---|
| webkitgtk | — |
| webkit2gtk | Ignored |
| qtwebkit-source | — |
| qtwebkit-opensource-src | Ignored |
| wpewebkit | Ignored |